Networking in Kubernetes
Golden rule of k8s networking:
Every Pod can talk to every other Pod using its IP, without NAT.
That flat, routable network is the default: nothing is blocked until you add NetworkPolicy objects, and those are enforced by the CNI plugin, not by k8s itself.
Every Pod
- has its own IP
- is routable from every other Pod and node
- is isolated in its own Linux network namespace
- k8s itself does not implement this; it delegates to CNI
- CNI is a specification plus executable plugins
- the kubelet (through the container runtime) calls the CNI plugin with
  - pod details
  - the network namespace path
  - an action (ADD/DEL)
- the CNI plugin
  - sets up the networking (veth pair, routes, IP allocation)
  - returns the assigned IP(s) + routes
- In k8s never depend on a Pod IP
  - Pods are ephemeral (they die and get recreated)
  - IPs change
- To give a stable endpoint we use Services, and that is where kube-proxy comes in
- kube-proxy is the component that makes Services work. It runs on every node and programs the packet-forwarding rules (iptables by default; IPVS and nftables modes also exist)
- A Service in k8s provides
  - a stable virtual IP (ClusterIP)
  - load balancing to the backend Pods
Service IP: 10.96.0.10
Backends:
Pod A: 10.244.1.10
Pod B: 10.244.2.11
- When we create a Service,
  - k8s creates/updates its Endpoints (EndpointSlice) objects from the Pods that match the selector and are Ready
  - kube-proxy
    - watches Services and EndpointSlices
    - programs rules using iptables
Traffic to the Service IP is DNAT'ed to one of the backend Pods. In iptables mode the ClusterIP is never bound to any interface; it exists only in those rules, which is why it survives Pod restarts.
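To make the kube-proxy part concrete, here is an added example (my code, not kube-proxy's) that models what its iptables mode programs for one Service: a KUBE-SERVICES entry for the ClusterIP, a KUBE-SVC chain with one probabilistic jump per backend, and a KUBE-SEP chain per backend that does the DNAT. It also simulates the 1/(N-i) probability ladder to show why every backend gets an equal share, and handles the no-ready-endpoints case. The chain-name hashing and the placement of the REJECT rule are simplified assumptions; the Service IP and Pod IPs are the ones from the notes above.

```python
# Added example (mine, not kube-proxy's code): a toy model of what kube-proxy's
# iptables mode programs for one Service, and why the probabilities it uses
# give every backend an equal share. Chain-name hashing is simplified.
import base64
import hashlib
import random
from typing import Dict, List, Tuple

Backend = Tuple[str, int]  # (Pod IP, targetPort)


def _chain(prefix: str, key: str) -> str:
    # Assumption: kube-proxy names chains KUBE-SVC-/KUBE-SEP- plus 16 chars of a
    # base32 SHA-256 digest of the service/endpoint key; same shape here.
    digest = hashlib.sha256(key.encode()).digest()
    return prefix + base64.b32encode(digest).decode()[:16]


def render_rules(svc: str, cluster_ip: str, port: int, backends: List[Backend]) -> List[str]:
    """Return iptables-save style nat rules for a ClusterIP Service.

    KUBE-SERVICES -> KUBE-SVC-<hash> -> KUBE-SEP-<hash_i> (DNAT to Pod i).
    Rule i in the SVC chain fires with probability 1/(N-i); the last one is
    unconditional. The chance of reaching rule i is prod_{j<i}(1-1/(N-j))
    = (N-i)/N, so every backend ends up with exactly 1/N.
    """
    entry = f"-A KUBE-SERVICES -d {cluster_ip}/32 -p tcp -m tcp --dport {port}"
    if not backends:
        # No ready endpoints: kube-proxy REJECTs (the real rule lives in the
        # filter table) so clients get "connection refused" instead of a hang.
        return [f"{entry} -j REJECT"]
    svc_chain = _chain("KUBE-SVC-", f"{svc}:tcp")
    rules = [f"{entry} -j {svc_chain}"]
    n = len(backends)
    for i, (ip, tport) in enumerate(backends):
        sep = _chain("KUBE-SEP-", f"{svc}:{ip}:{tport}")
        if i < n - 1:
            rules.append(f"-A {svc_chain} -m statistic --mode random "
                         f"--probability {1.0 / (n - i):.5f} -j {sep}")
        else:
            rules.append(f"-A {svc_chain} -j {sep}")
        rules.append(f"-A {sep} -p tcp -m tcp -j DNAT --to-destination {ip}:{tport}")
    return rules


def pick_backend(backends: List[Backend], rng: random.Random) -> Backend:
    """Walk the SVC chain the way the kernel does: first matching rule wins."""
    n = len(backends)
    for i, backend in enumerate(backends):
        if i == n - 1 or rng.random() < 1.0 / (n - i):
            return backend
    raise RuntimeError("unreachable: the last rule is unconditional")


def distribution(backends: List[Backend], draws: int, seed: int = 1) -> Dict[Backend, int]:
    """Simulate `draws` new connections and count which backend each one hit."""
    rng = random.Random(seed)
    counts = {b: 0 for b in backends}
    for _ in range(draws):
        counts[pick_backend(backends, rng)] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample: the Service IP and the two backends from the notes.
    pods = [("10.244.1.10", 80), ("10.244.2.11", 80)]
    for rule in render_rules("default/ex1-svc:web", "10.96.0.10", 80, pods):
        print(rule)
    print(distribution(pods, 10_000))
    # When Pod B dies and comes back with a new IP, only the SVC/SEP rules are
    # rewritten; the ClusterIP that clients use does not change.
    pods = [("10.244.1.10", 80), ("10.244.2.25", 80)]
    print(render_rules("default/ex1-svc:web", "10.96.0.10", 80, pods)[-1])
```

On a real node you can compare the shape of this output with `iptables-save -t nat | grep KUBE-SVC`; the probabilities 0.33333, 0.50000 and then an unconditional jump for three backends are exactly what you will see there.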
Let's create a ReplicaSet:
---
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: example-1
  labels:
    purpose: learning
spec:
  replicas: 4
  minReadySeconds: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
        env: dev
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 80
- This creates 4 Pods, each with its own unique IP (and its own network namespace)

- To get a single stable IP and layer-4 load balancing across those Pods we create a Service
- A Service can also be exposed outside the cluster
- A Service has 4 types
  - ClusterIP (internal to the cluster; the default)
  - NodePort (a port in the 30000-32767 range opened on every node and forwarded to the ClusterIP)
  - LoadBalancer (a cloud load balancer in front of a NodePort)
  - ExternalName (a DNS CNAME record, no proxying)
- API reference
---
apiVersion: v1
kind: Service
metadata:
  name: ex1-svc
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
  - name: web
    port: 80
    targetPort: 80
    protocol: TCP
- A Service can be exposed outside the cluster via NodePort. kube-proxy opens the nodePort on every node's addresses, so restrict it with a host or cloud firewall if it should not be reachable from everywhere.
---
apiVersion: v1
kind: Service
metadata:
  name: ex1-svc-external
spec:
  type: NodePort
  selector:
    app: web
  ports:
  - name: web
    port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30000

Exercises
- Create a Service whose selector matches a label in your Deployment and perform a rolling update.
- While the rollout is in progress, access the application via the Service (NodePort) and confirm that it stays reachable.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-2
  labels:
    app: web
  annotations:
    kubernetes.io/change-cause: "nginx"
spec:
  minReadySeconds: 5
  replicas: 4
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        app: web
        env: dev
    spec:
      containers:
      - name: web
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: ex2-svc-external
spec:
  type: NodePort
  selector:
    app: web
  ports:
  - name: web
    port: 80
    targetPort: 80
    protocol: TCP
    nodePort: 30000
- Apply this and access the application at http://<node-ip>:30000/. Two things to check first: the ReplicaSet example-1 and the Service ex1-svc-external above use the same app: web label and the same nodePort 30000, so delete them (or change the port) before applying, otherwise the second Service is rejected because the nodePort is already allocated, and each Service would select the other workload's Pods too. Also, image: nginx carries no tag, so it resolves to latest; pin a tag (as the ReplicaSet does with nginx:1.14.2) so the rollout is reproducible. With maxSurge and maxUnavailable both 25% of 4 replicas, the rollout adds one new Pod and removes one old Pod at a time, and the Service only routes to Pods that are Ready; without a readinessProbe a container counts as Ready as soon as it starts (plus minReadySeconds).
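For the exercise itself, here is an added probe (my code, not part of the notes) that hits the NodePort in a loop during the rollout and reports how many requests failed and the longest run of consecutive failures, which is the outage window a client would have seen. It assumes the ex2-svc-external Service above on http://<node-ip>:30000/; the `fetch` parameter exists so the counting logic can be exercised without a cluster, and the image tag in the usage note is only an example.

```python
# Added example (not from the page): poll the NodePort while a rollout runs and
# report failures, to check the Service never ran out of Ready backends.
import sys
import time
import urllib.error
import urllib.request
from typing import Callable, Dict


def http_ok(url: str, timeout: float = 1.0) -> bool:
    """Real fetcher: True when the backend answers with a 2xx/3xx status."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except (urllib.error.URLError, OSError):
        # connection refused (no endpoints -> REJECT), timeout, reset, etc.
        return False


def probe(url: str, attempts: int, interval: float = 0.0,
          fetch: Callable[[str], bool] = http_ok) -> Dict[str, object]:
    """Send `attempts` requests `interval` seconds apart.

    Returns success/failure counts and the longest streak of consecutive
    failures; `available` is True only if every request succeeded.
    """
    ok = failed = 0
    longest = current = 0
    for _ in range(attempts):
        if fetch(url):
            ok += 1
            current = 0
        else:
            failed += 1
            current += 1
            longest = max(longest, current)
        if interval:
            time.sleep(interval)
    return {"ok": ok, "failed": failed, "longest_outage": longest,
            "available": failed == 0}


if __name__ == "__main__":
    # Assumed target: the NodePort Service from the notes on a local node.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:30000/"
    print(probe(target, attempts=300, interval=0.1))
```

Run it in one terminal with `python3 probe.py http://<node-ip>:30000/`, then in another start the rollout, e.g. `kubectl set image deployment/example-2 web=nginx:1.25` (example tag) followed by `kubectl rollout status deployment/example-2`. A `longest_outage` of 0 means the Service always had at least one Ready backend; a non-zero streak usually points at a missing readinessProbe or at maxUnavailable being too aggressive for the replica count.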