Kubernetes Network Model
- So far we have tried to understand the conceptual framework of CNI and its responsibilities. Today let's understand the packet flow/routing in k8s
K8s dictates the following requirements
- All Pods must communicate with each other without NAT
- Nodes can communicate with Pods without NAT
- The IP address that a Pod sees itself as is the same IP address that others outside the Pod see it as
With the above constraints we have 4 distinct network problems
- Container to Container networking
- Pod to Pod Networking
- Pod to Service Networking
- Internet to Service Networking
Container to Container Networking
- Two containers in the same Pod share the same network namespace
- The communication will happen over localhost (127.0.0.1)
Pod to Pod Networking
- Every Pod gets an IP address
- Here let's understand this with two situations:
  - Two Pods in the same Node
  - Two Pods in two different Nodes
Two Pods in Same Node
- Pods are connected to the root namespace with the help of veth and a bridge
Two Pods in two different Nodes
- Overview
Pod to Service Networking
- Service
- The kube-proxy component on the node uses netfilter and iptables to make the Service concept a reality
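To see what those iptables rules amount to for one Service, the following added example (not part of the original notes) parses an `iptables-save` style dump and reports which Pod endpoints a ClusterIP is DNATed to, with each endpoint's traffic share, and flags endpoints that are not in an expected set. It assumes kube-proxy in iptables mode with its KUBE-SERVICES, KUBE-SVC-* and KUBE-SEP-* nat chains; the ruleset, IPs, chain hashes and function names are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format, shaped like the nat-table rules
# kube-proxy writes in iptables mode. Chain hashes and IPs are made up.
SAMPLE = """\
*nat
-A KUBE-SERVICES -d 10.96.0.50/32 -p tcp -m tcp --dport 80 -j KUBE-SVC-AAAAAAAAAAAAAAAA
-A KUBE-SVC-AAAAAAAAAAAAAAAA -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-1111111111111111
-A KUBE-SVC-AAAAAAAAAAAAAAAA -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-2222222222222222
-A KUBE-SVC-AAAAAAAAAAAAAAAA -j KUBE-SEP-3333333333333333
-A KUBE-SEP-1111111111111111 -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-2222222222222222 -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
-A KUBE-SEP-3333333333333333 -p tcp -m tcp -j DNAT --to-destination 10.244.2.9:8080
COMMIT
"""

def parse_rules(text):
    """Return {chain: [{option: value}, ...]} for every '-A' rule line."""
    chains = {}
    for line in text.splitlines():
        tok = [t for t in shlex.split(line) if t != "!"]  # negation is not needed here
        if len(tok) < 2 or tok[0] != "-A":
            continue
        # Assumption: every option used in these rules takes exactly one argument.
        chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def service_backends(text, cluster_ip, port):
    """Follow KUBE-SERVICES -> KUBE-SVC-* -> KUBE-SEP-* for one ClusterIP:port
    and return [(pod_ip:port, share_of_traffic)] in rule order."""
    chains = parse_rules(text)
    svc = next((r["-j"] for r in chains.get("KUBE-SERVICES", [])
                if r.get("-d") == f"{cluster_ip}/32" and r.get("--dport") == str(port)
                and r.get("-j", "").startswith("KUBE-SVC-")), None)
    if svc is None:
        return []
    out, remaining = [], 1.0
    for r in chains.get(svc, []):
        if not r.get("-j", "").startswith("KUBE-SEP-"):
            continue
        p = float(r.get("--probability", 1.0))  # last rule has no statistic match
        dnat = next((s["--to-destination"] for s in chains.get(r["-j"], [])
                     if s.get("-j") == "DNAT"), None)
        out.append((dnat, round(remaining * p, 3)))
        remaining *= 1 - p  # later rules only see traffic earlier rules skipped
    return out

def unexpected_backends(text, cluster_ip, port, expected):
    """Endpoints the Service forwards to that are not in the expected set."""
    return [ep for ep, _ in service_backends(text, cluster_ip, port) if ep not in expected]
```

The per-rule probabilities (1/3, then 1/2 of the remainder, then everything left) work out to an even split across the three endpoints.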
