Kubernetes Networking
The challenge for the #KubeWeek
☸ What is Cluster Networking?
Cluster Networking provides communication between different pods; containers within a pod use networking to communicate via the loopback interface.
Networking is a central part of Kubernetes, but it can be challenging to understand exactly how it is expected to work. There are 4 distinct networking problems to address:
Highly-coupled container-to-container communications: this is solved by Pods and localhost communications.
Pod-to-Pod communications
Pod-to-Service communications
External-to-Service communications
☸ Within-pod container communication
Containers within a pod share one network namespace, so they communicate with each other over the loopback interface (localhost). Highly-coupled container-to-container communication is therefore solved by Pods and localhost communication.
Example of a manifest file. Save this file as pod1.yml:
kind: Pod
apiVersion: v1
metadata:
  name: testpod
spec:
  containers:
    - name: c00
      image: ubuntu
      command: ["/bin/bash", "-c", "while true; do echo Hello-Bhupinder; sleep 5 ; done"]
    - name: c01
      image: httpd
      ports:
        - containerPort: 80
To apply this file, use the command below:
kubectl apply -f pod1.yml
To get the pod details:
kubectl get pods
To get a shell inside the c00 container:
kubectl exec testpod -it -c c00 -- /bin/bash
Update the package index and install curl inside the container:
apt update && apt install -y curl
To check the communication between the containers (c00 reaches the httpd container c01 over localhost):
curl localhost:80
Output: It works!
☸Services
The Service resource lets you expose an application running in pods so that it is reachable from outside your cluster.
You can also use Services to publish services only for consumption inside your cluster.
Manifest file for the example. Save it as service.yml:
kind: Service # Defines the object type as Service
apiVersion: v1
metadata:
  name: demoservice
spec:
  ports:
    - port: 80 # Port exposed by the Service
      targetPort: 80 # Pod's port
  selector:
    name: deployment # Apply this Service to any pod which has this label (the pod must carry name: deployment, otherwise the Service has no endpoints)
  type: ClusterIP # Specifies the service type, i.e. ClusterIP or NodePort
To apply this file, use the command below:
kubectl apply -f service.yml
To get the Service details:
kubectl get svc
To check communication through the Service, use the CLUSTER-IP shown by kubectl get svc:
curl <cluster-ip>:80
☸ ClusterIP
Exposes a virtual IP that is only reachable from within the cluster.
Mainly used for communication between the components of a microservice architecture.
☸ NodePort
Makes a Service accessible from outside the cluster.
Exposes the Service on the same port on each selected node in the cluster, using NAT.
☸ Ingress
An Ingress is an object that allows access to Kubernetes Services from outside the Kubernetes cluster.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
spec:
  tls:
    - secretName: my-ssl-secret # TLS certificate and key for the host below
  rules:
    - host: testhost.com
      http:
        paths:
          - path: /*
            pathType: ImplementationSpecific # required in networking.k8s.io/v1; the /* wildcard is GCE-specific
            backend:
              service: # v1 form of the backend (serviceName/servicePort were the v1beta1 fields)
                name: service-test
                port:
                  number: 80
☸ Network Policies
NetworkPolicies are an application-centric construct which allow you to specify how a pod is allowed to communicate with various network "entities" (we use the word "entity" here to avoid overloading the more common terms such as "endpoints" and "services", which have specific Kubernetes connotations) over the network.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
  namespace: default
spec:
  podSelector: {} # empty selector: applies to every pod in the namespace
  policyTypes: # no ingress/egress rules are listed, so all ingress and egress traffic is denied
    - Ingress
    - Egress
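NetworkPolicies are additive: once any policy selects a pod, only traffic matched by some selecting policy's rules is allowed. The following Python example is added here and is not part of the original post; it models that ingress semantics in a few lines, with policies written as plain dicts mirroring the YAML above (no PyYAML needed). The deny-all policy is the one from this page; the allow policy, and the labels app=testpod and role=frontend, are assumptions for illustration, and namespaceSelector/ipBlock peers are not modelled.

```python
# Added example: simplified evaluator of Kubernetes NetworkPolicy ingress semantics
# (same namespace, podSelector peers only). Policies are dicts shaped like the YAML.

def _selects(selector, labels):
    """A podSelector matches when every matchLabels entry is present; {} matches all pods."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def _peer_allows(peer, src_labels):
    # Only podSelector peers are modelled; namespaceSelector and ipBlock are out of scope.
    return "podSelector" in peer and _selects(peer["podSelector"], src_labels)

def _rule_allows(rule, src_labels, port):
    # An absent/empty "from" matches any source; absent "ports" matches any port.
    from_ok = not rule.get("from") or any(_peer_allows(p, src_labels) for p in rule["from"])
    ports = rule.get("ports")
    port_ok = not ports or any(p.get("port") == port for p in ports)
    return from_ok and port_ok

def ingress_allowed(policies, src_labels, dst_labels, port):
    """True if a pod with src_labels may reach a pod with dst_labels on port."""
    selecting = [p for p in policies
                 if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                 and _selects(p["spec"]["podSelector"], dst_labels)]
    if not selecting:
        return True  # no policy selects the destination pod: Kubernetes default is allow
    # Policies are additive: any matching rule in any selecting policy allows the traffic.
    return any(_rule_allows(r, src_labels, port)
               for p in selecting for r in p["spec"].get("ingress", []))

# The deny-all policy from this page (empty podSelector, no rules).
DENY_ALL = {"spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}
# Assumed allow policy: frontend pods may reach the httpd pod on TCP/80 only.
ALLOW_WEB = {"spec": {
    "podSelector": {"matchLabels": {"app": "testpod"}},  # assumed label, not on the page's Pod
    "policyTypes": ["Ingress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"role": "frontend"}}}],
                 "ports": [{"protocol": "TCP", "port": 80}]}]}}

def demo():
    web, frontend, other = {"app": "testpod"}, {"role": "frontend"}, {"role": "batch"}
    return {
        "no_policy": ingress_allowed([], other, web, 80),                        # True
        "deny_all": ingress_allowed([DENY_ALL], frontend, web, 80),               # False
        "allow_web_from_frontend": ingress_allowed([DENY_ALL, ALLOW_WEB], frontend, web, 80),  # True
        "allow_web_wrong_port": ingress_allowed([DENY_ALL, ALLOW_WEB], frontend, web, 22),     # False
        "allow_web_other_pod": ingress_allowed([DENY_ALL, ALLOW_WEB], other, web, 80),         # False
    }

if __name__ == "__main__":
    print(demo())
```

Note that the deny-all policy also blocks egress, including DNS lookups to kube-dns, so a real deployment pairs it with an explicit egress allow rule for UDP/TCP 53.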
DNS
Kubernetes creates DNS records for Services and Pods. You can contact Services with consistent DNS names instead of IP addresses.
Kubernetes publishes information about Pods and Services, which is used to program DNS. The kubelet configures each Pod's DNS so that running containers can look up Services by name rather than by IP.
CNI Plugins
Kubernetes relies on Container Network Interface (CNI) plugins for cluster networking.
Different plugins are available (both open- and closed-source) in the wider Kubernetes ecosystem.
A CNI plugin is required to implement the Kubernetes network model.