Open in app

Sign in

Write

Sign in

Mastodon

Kubernetes Networking — 2

Always learning
5 min readApr 29, 2023

--

Kubernetes networking is the communication between different components of a Kubernetes cluster.

It is used to enable communication between applications running inside the cluster, as well as communication between the cluster and external services.

Kubernetes networking also provides a way to manage the network traffic within the cluster, allowing users to configure ingress and egress rules to control the flow of traffic.

Kubernetes networking is based on the Container Network Model (CNM) which is a set of standards and specifications for container networking.

The CNM defines the various components of a Kubernetes networking system, including Pod, Deployment, Service, Volume, and Host Path. Each of these components has a specific purpose and is used to configure and manage network traffic within a Kubernetes cluster.

  • Primary node. The primary node manages the Kubernetes cluster’s worker nodes and controls pod deployment.
  • Worker node. Worker nodes are servers that generally run Kubernetes components such as application containers and proxies in pods.
  • Service. A service is an abstraction with a stable IP address and ports that functions as a proxy or internal load balancer for requests across pods.
  • Pod. The pod is the basic deployment object in Kubernetes, each with its own IP address. A pod can contain one or multiple containers.
  • Other Kubernetes components. Additional important Kubernetes system components include the Kubelet, the API Server, and the etcd.

Kubernetes networking enables communication between Kubernetes components and between components and other applications.

Because its flat network structure eliminates the need to map ports between containers, the Kubernetes platform provides a unique way to share virtual machines between applications and run distributed systems without dynamically allocated ports.

Networking is critical to Kubernetes, but it is complex. There are several Kubernetes networking basics for any Kubernetes networking implementation.

There are several essential things to understand about Kubernetes networking:

  • Container-to-container networking: containers in the same pod communicating
  • Pod-to-pod networking, both same node and across nodes
  • Pod-to-service networking: pods and services communicating
  • DNS and internet-to-service networking: discovering IP addresses.

Kubernetes network policies enable the control of traffic flow for particular cluster applications at the IP address and port levels (OSI layers 3 and 4).

An application-centric construct, Kubernetes network policies allow users to specify how pods and various network entities such as services and endpoints are permitted to communicate over the network.

A combination of the following 3 identifiers clarifies how entities and pods can communicate:

  • A list of other allowed pods, although a pod cannot block access to itself.
  • A list of allowed namespaces.
  • Via IP blocks that work like exceptions: traffic to and from the pod’s node is always allowed, regardless of the pod or node’s IP address.

Kubernetes networking let’s see a few of the points below:

1) Pod

2) Service

3) Master Node

4) Worker Node

5) Ingress

6) Network Policies

7) DNS

8) CNI Plugins

Pods

Pods are the smallest deployable units of computing that you can create and manage in Kubernetes.

Service

A Service is a Kubernetes resource that provides a way to access applications running inside a Kubernetes cluster. A Service provides a single IP address and a single port that applications can use to access the service. A Service can also be used to expose applications running in a Kubernetes cluster to external services.

In Kubernetes, Services are created using a YAML file that specifies the configuration of the Service. Here is an example YAML file for creating a Service:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app.kubernetes.io/name: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376

Master Node

A master node is a node which controls and manages a set of worker nodes (workloads runtime) and resembles a cluster in Kubernetes. A master node has the following components to help manage worker nodes:

  1. Kube-API Server
  2. Kube-Controller-Manager
  3. Etcd
  4. Kube Scheduler

Worker Node

The worker nodes are part of the Kubernetes clusters which actually execute the containers and applications on them. They have two main components

  1. Kubelet Service
  2. Kube-Proxy Service

Ingress

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minimal-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx-example
  rules:
  - http:
      paths:
      - path: /testpath
        pathType: Prefix
        backend:
          service:
            name: test
            port:
              number: 80

Network Policy Specification

PodSelector: Each of these includes a pod selector that selects the grouping of pods to which the policy applies. This selects particular Pods in the same namespace as the Kubernetes Network Policy which should be allowed as ingress sources or egress destinations.

Policy Types: Indicates which sorts of arrangements are remembered for this approach, Ingress, or Egress.

Ingress: Each Network Policy may include a list of allowed ingress rules. This includes inbound traffic whitelist rules.

Egress: Each Network Policy may include a list of allowed egress rules. This includes outbound traffic whitelist rules.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - ipBlock:
            cidr: 172.17.0.0/16
            except:
              - 172.17.1.0/24
        - namespaceSelector:
            matchLabels:
              project: myproject
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 6379
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978

DNS

DNS (Domain Name System) is a critical component of any network, allowing clients to resolve hostnames to IP addresses. In a Kubernetes cluster, DNS is used to resolve Service names to their corresponding IP addresses.

DNS Records

What objects get DNS records?

  1. Services
  2. Pods

CNI PLUGINS

Container Network Interface, a Cloud Native Computing Foundation venture, comprises detail and libraries for writing plugins to configure network interfaces in Linux containers.

Ibbus
K8s
Kubeweek
Kubernetes
Cluster

--

--

Always learning
Always learning

Written by Always learning

372 Followers
2 Following

கற்றுக் கொள்ளும் மாணவன்...

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams