# Network Design Principles

![Kubernetes Network](https://kubernetes.io/docs/images/kubernetes-cluster-network.svg) *Source:* [*https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-ip-address-ranges*](https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-ip-address-ranges)

## Node Network

The Node Network consists of Kubernetes worker nodes and control plane nodes. All nodes can communicate with each other.

* Every node in the Kubernetes cluster should be able to communicate with every other node without NAT (Network Address Translation).
* Kubernetes assumes a flat network where all nodes can talk freely.
* Nodes usually have a routable IP address within the cluster.

To see the node IPs, use `kubectl get nodes -o wide`.

```bash
➜ kubectl get nodes -o wide
NAME       STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
minikube   Ready    control-plane   19h   v1.31.0   192.168.49.2   <none>        Ubuntu 22.04.4 LTS   6.10.14-linuxkit   docker://27.2.0
```

## Pod Network

The Pod Network is where all Kubernetes pods communicate. Pods within the cluster communicate using direct IP routing.

* Every pod in a Kubernetes cluster gets its own unique IP address.
* Pod-to-pod communication happens directly, without NAT.
* The Container Network Interface (CNI) plugin is responsible for managing pod networking.
* Containers inside the same pod communicate over `localhost`.

We can test pod-to-pod communication by running `ping` from one pod to another.

```bash
➜ kubectl get pods -o wide
NAME                         READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
postgres-f8f589d5b-59rw8     1/1     Running   0          4h37m   10.244.0.11   minikube   <none>           <none>
simple-go-5dc4557ffc-c24fp   1/1     Running   0          4h8m    10.244.0.17   minikube   <none>           <none>
simple-go-5dc4557ffc-d6tz6   1/1     Running   0          4h8m    10.244.0.15   minikube   <none>           <none>
simple-go-5dc4557ffc-gv4fv   1/1     Running   0          4h8m    10.244.0.16   minikube   <none>           <none>
```

```bash
➜ kubectl exec -it simple-go-5dc4557ffc-c24fp -- ping 10.244.0.11
PING 10.244.0.11 (10.244.0.11): 56 data bytes
64 bytes from 10.244.0.11: seq=0 ttl=64 time=97.104 ms
64 bytes from 10.244.0.11: seq=1 ttl=64 time=0.219 ms
64 bytes from 10.244.0.11: seq=2 ttl=64 time=0.292 ms
64 bytes from 10.244.0.11: seq=3 ttl=64 time=0.160 ms
64 bytes from 10.244.0.11: seq=4 ttl=64 time=0.395 ms
^C
--- 10.244.0.11 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.160/19.634/97.104 ms
```

## Service Network

The Service Network is a virtual network used for Kubernetes Services. Services get a stable ClusterIP that does not change. Kubernetes load-balances traffic across backend pods.

Kubernetes rewrites outbound traffic from a pod if it is destined for a Service. This ensures that the request is routed to one of the Service's backend pods.

* Services use ClusterIP (virtual IP) to route traffic to pods.
* kube-proxy manages service traffic using iptables or IPVS.

Get service endpoints:

```bash
➜ kubectl get endpoints        
NAME         ENDPOINTS                                            AGE
kubernetes   192.168.49.2:8443                                    24h
postgres     10.244.0.11:5432                                     4h35m
simple-go    10.244.0.15:8080,10.244.0.16:8080,10.244.0.17:8080   4h11m
```
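As an added example (not from the original notes), the Python below cross-checks the `kubectl get pods -o wide` and `kubectl get endpoints` output shown above, embedded here as constructed samples: it classifies each endpoint address by the network it belongs to (node, pod or service) and resolves it to the pod that owns that IP. The CIDRs in `NETWORKS` are assumed minikube defaults and should be taken from the real cluster configuration.

```python
import ipaddress

# Constructed sample input, copied from the kubectl sessions on this page.
PODS_WIDE = """\
NAME                         READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
postgres-f8f589d5b-59rw8     1/1     Running   0          4h37m   10.244.0.11   minikube   <none>           <none>
simple-go-5dc4557ffc-c24fp   1/1     Running   0          4h8m    10.244.0.17   minikube   <none>           <none>
simple-go-5dc4557ffc-d6tz6   1/1     Running   0          4h8m    10.244.0.15   minikube   <none>           <none>
simple-go-5dc4557ffc-gv4fv   1/1     Running   0          4h8m    10.244.0.16   minikube   <none>           <none>
"""
ENDPOINTS = """\
NAME         ENDPOINTS                                            AGE
kubernetes   192.168.49.2:8443                                    24h
postgres     10.244.0.11:5432                                     4h35m
simple-go    10.244.0.15:8080,10.244.0.16:8080,10.244.0.17:8080   4h11m
"""

# Assumed address ranges (minikube defaults); read the real ones from the cluster config.
NETWORKS = {
    "node": ipaddress.ip_network("192.168.49.0/24"),
    "pod": ipaddress.ip_network("10.244.0.0/16"),
    "service": ipaddress.ip_network("10.96.0.0/12"),
}

def parse_pod_ips(text):
    """Return {pod name: pod IP} from `kubectl get pods -o wide` output."""
    lines = text.strip().splitlines()
    ip_col = lines[0].split().index("IP")  # locate the IP column from the header
    return {row.split()[0]: row.split()[ip_col] for row in lines[1:]}

def parse_endpoints(text):
    """Return {service: [(ip, port), ...]} from `kubectl get endpoints` output."""
    result = {}
    for row in text.strip().splitlines()[1:]:
        name, eps, _age = row.split()
        result[name] = [] if eps == "<none>" else [tuple(e.rsplit(":", 1)) for e in eps.split(",")]
    return result

def classify(ip):
    """Name the cluster network an address falls in, or 'unknown' if none match."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in NETWORKS.items() if addr in net), "unknown")

def audit_endpoints(pods_wide, endpoints_text):
    """For each service, list (ip, port, network, backing pod name or None)."""
    pod_by_ip = {ip: name for name, ip in parse_pod_ips(pods_wide).items()}
    return {svc: [(ip, port, classify(ip), pod_by_ip.get(ip)) for ip, port in eps]
            for svc, eps in parse_endpoints(endpoints_text).items()}
```

The `kubernetes` Service legitimately resolves to the API server on the node network; any other endpoint that lands outside the pod network or matches no running pod deserves a closer look.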

## References

* <https://kubernetes.io/docs/concepts/cluster-administration/networking/>
