Getting Started with Kubernetes | Kubernetes Network Model

Evolution of the Kubernetes Network Model

How Do Pods Go Online?

  • Protocol
  • Network topology
  • The first part is access, in which the container connects to the host through Veth+bridge, Veth+pair, MACVLAN, or IPVLAN, to send the packet to the host space. Veth+bridge and Veth+pair are classic connection modes, whereas MACVLAN and IPVLAN are supported by advanced kernel versions.
  • The second part is throttling. You can determine whether to implement a network policy to control packet sending and how to implement this policy. The network policy must be implemented on a key node along the data path. The network policy does not take effect if the hook is outside the data path.
  • The third is channel setup, which specifies how to transmit packets between two hosts. Packets can be transmitted through routing, which can be divided into Border Gateway Protocol (BGP) routing and direct routing. Packets can also be transmitted through tunneling. The process of sending a packet from a container to the peer end can be summarized as follows: (1) The packet leaves the container and reaches the host through the access layer; (2) The packet passes through the host’s throttling module (if any) and a channel to reach the peer end.

Flannel HostGW: A Simple Routing Solution

  • The first entry is simple and required for setting a network interface controller (NIC). It specifies the source IP address of the default route and the default device.
  • The second entry specifies rule feedback for subnets. For example, assume that the CIDR block 10.244.0.0 has a 24-bit mask and a gateway address 10.244.0.1, which is located on a bridge. Each packet in this CIDR block is sent to the IP address of the bridge.
  • The third entry specifies feedback to the peer end. For example, the subnet on the left of the preceding figure corresponds to the CIDR block 10.244.1.0. The IP address (10.168.0.3) of the host’s NIC can be used as the gateway IP address. Packets destined for the 10.244.1.0 CIDR block are forwarded through the 10.168.0.3 gateway.

How Do Kubernetes Services Work

An LVS Service

  • Step 1: Bind the VIP locally (to deceive the kernel).
  • Step 2: Create an IP virtual server (IPVS) for the VIP.
  • Step 3: Create a real server for the IPVS.

Internal Load Balancing and External Load Balancing

ClusterIP

NodePort

LoadBalancer

ExternalName

Summary

  • This article describes the evolution of the Kubernetes network model and the purpose of PerPodPerIP.
  • A packet is sent from the top down in the Kubernetes network model, starting from Layer 4. When the packet is received at the peer end, the MAC header and IP header are removed from the packet. This packet transmission process is also applicable to a container network.
  • The ingress mechanism implements service-port mapping and allows you to configure external service provisioning for a cluster. This article provides a feasible deployment example to enable you to associate concepts such as ingress, cluster IP address, and pod IP address and understand the new mechanisms and object resources introduced in the Kubernetes community.

Original Source:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com