logo
allArticlesConferencesPresentations

Inside Kubernetes Networking

Conference:  KubeCon + CloudNativeCon Europe 2021

Authors:   Dominik Tornow

Summary

The presentation provides an overview of Kubernetes Networking and its complexities, with a focus on the network model, service routing, and pod network model.
  • Kubernetes Networking is a core abstraction of Kubernetes that guarantees communication between all Pods in a cluster
  • Kubernetes provides additional core abstractions, such as Services and Ingress
  • The presentation uses a systems modeling approach to provide a holistic mental model of Kubernetes Networking
  • The network stack includes Pod-to-Pod communication, Pod-to-Service communication, and Ingress
  • Kubernetes worker nodes use kube-proxy to manage and forward requests to individual backend pods
  • There are three modes of kube-proxy: user space, iptables, and ipvs
  • The Pod Network Model allows pods to directly address each other regardless of the host they are running on
  • Considerations include using a CNI implementation that supports the network policy API, ensuring pods do not run with the net admin capability, and taking into account the CNI implementation and ingress controllers in different Kubernetes environments
The presentation uses the example of a person browsing the web and clicking on a link to illustrate the complexities of Kubernetes Networking. The request gets routed through the internet to the cloud provider, where a Kubernetes cluster is running with a load balancer that routes requests to individual backend pods. The network model includes separate networks at the cluster, node, and service levels, with each service having a separate virtual IP address assigned to it.

Abstract

Kubernetes Networking is a core abstraction of Kubernetes: At the core, the Kubernetes Networking Model guarantees that all Kubernetes Pods on a cluster can communicate. On top of the Kubernetes Network Model, Kubernetes provides additional core abstractions, most notably Kubernetes Services and Kubernetes Ingress. Although K8s Networking is an essential aspect of every K8s Cluster and by extension every K8s Application, even experienced K8s users struggle to reason about K8s Networking end-to-end. Using a systems modeling approach, this presentation will provide a holistic mental model of K8s Networking - integrating Pod-to-Pod communication, Pod-to-Service communication, and Ingress, applicable to all CNI implementations. Walk away with a dependable, holistic understanding of the entire network stack, fill in the blanks and connect the dots between Kubernetes Networking, Kubernetes Services, and Kubernetes Ingress.
Materials:
Slides
Tags:

Post a comment

Related work

Surviving Day 2 - How to Troubleshoot Kubernetes Networking

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Thomas Graf
2023-04-21

Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: James Cleverley-Prance
2022-05-20

Kubernetes Networking 101 - Randy Abernethy, RX

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Randy Abernethy
2022-05-20

The State of the Cloud Native Network: Deep-dive from TAG-Network

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Ed Warnicke, Lee Calcote
2022-10-27

Beyond printf and tcpdump: Debugging Kubernetes Networking with eBPF

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Martynas Pumputis, Aditi Ghag
2021-10-15

Five Ways With a CNI: Understanding Kubernetes Networking For Performance-Intensive Workloads

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Stig Telfer, Erez Cohen
2022-10-27