Network Design Principles
Source: https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-ip-address-ranges
Node Network
The Node Network consists of the Kubernetes worker nodes and control plane nodes. Every node in the cluster must be able to reach every other node without NAT (Network Address Translation): Kubernetes assumes a flat network in which all nodes can talk to each other freely. Each node has an IP address that is routable within the cluster.
To see the node IPs, run kubectl get nodes -o wide:
➜ kubectl get nodes -o wide
NAME       STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
minikube   Ready    control-plane   19h   v1.31.0   192.168.49.2   <none>        Ubuntu 22.04.4 LTS   6.10.14-linuxkit   docker://27.2.0
Pod Network
The Pod Network is where all Kubernetes pods communicate. Every pod gets its own unique IP address, and pod-to-pod traffic is routed directly to that address without NAT. The Container Network Interface (CNI) plugin is responsible for setting up pod networking. Containers inside the same pod share a network namespace and talk to each other over localhost.
Because the pod network is flat, any pod can reach any other pod in the cluster by default; restricting that (for example, so that only the simple-go pods can reach postgres) requires a NetworkPolicy enforced by the CNI plugin.
We can test pod-to-pod communication by pinging one pod from another:
➜ kubectl get pods -o wide
NAME                         READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
postgres-f8f589d5b-59rw8     1/1     Running   0          4h37m   10.244.0.11   minikube   <none>           <none>
simple-go-5dc4557ffc-c24fp   1/1     Running   0          4h8m    10.244.0.17   minikube   <none>           <none>
simple-go-5dc4557ffc-d6tz6   1/1     Running   0          4h8m    10.244.0.15   minikube   <none>           <none>
simple-go-5dc4557ffc-gv4fv   1/1     Running   0          4h8m    10.244.0.16   minikube   <none>           <none>
➜ kubectl exec -it simple-go-5dc4557ffc-c24fp -- ping 10.244.0.11
PING 10.244.0.11 (10.244.0.11): 56 data bytes
64 bytes from 10.244.0.11: seq=0 ttl=64 time=97.104 ms
64 bytes from 10.244.0.11: seq=1 ttl=64 time=0.219 ms
64 bytes from 10.244.0.11: seq=2 ttl=64 time=0.292 ms
64 bytes from 10.244.0.11: seq=3 ttl=64 time=0.160 ms
64 bytes from 10.244.0.11: seq=4 ttl=64 time=0.395 ms
^C
--- 10.244.0.11 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.160/19.634/97.104 ms
Service Network
The Service Network is a virtual network used for Kubernetes Services. Each Service gets a stable ClusterIP (a virtual IP) that does not change for the lifetime of the Service, and Kubernetes load-balances traffic sent to that address across the Service's backend pods.
A ClusterIP is never assigned to any interface. When a pod sends traffic to a ClusterIP, the destination address is rewritten (DNAT) by the rules kube-proxy installs on the node, so the request reaches one of the backend pods. kube-proxy programs those rules with iptables, IPVS or nftables.
The linked source adds one rule for the three address ranges in this page: the node, pod and Service ranges must not overlap, otherwise routing and the kube-proxy rewrite rules become ambiguous.
To list the backend endpoints of each Service (note that the kubernetes Service's endpoint is the API server on the node IP, not a pod):
➜ kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 192.168.49.2:8443 24h
postgres 10.244.0.11:5432 4h35m
simple-go 10.244.0.15:8080,10.244.0.16:8080,10.244.0.17:8080 4h11m
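The following script is an added example, not code from the page or from the Kubernetes project. It checks the non-overlap rule for the three ranges and parses the kubectl get endpoints output above to report which network each Service's backends live on. The node range is taken from the INTERNAL-IP shown above; the pod range 10.244.0.0/16 and Service range 10.96.0.0/12 are the minikube defaults and are assumptions, not values printed on this page.

```python
import ipaddress

# Constructed sample: the three address ranges of the minikube cluster on
# this page. NODE_CIDR is derived from the node's INTERNAL-IP; POD_CIDR and
# SERVICE_CIDR are assumed minikube defaults, not values printed on the page.
NODE_CIDR = ipaddress.ip_network("192.168.49.0/24")
POD_CIDR = ipaddress.ip_network("10.244.0.0/16")
SERVICE_CIDR = ipaddress.ip_network("10.96.0.0/12")

# Constructed sample: the `kubectl get endpoints` output from this page.
ENDPOINTS_OUTPUT = """\
NAME         ENDPOINTS                                            AGE
kubernetes   192.168.49.2:8443                                    24h
postgres     10.244.0.11:5432                                     4h35m
simple-go    10.244.0.15:8080,10.244.0.16:8080,10.244.0.17:8080   4h11m
"""


def check_ranges_disjoint(*ranges):
    """Return every overlapping (a, b) pair among the given CIDRs (strings or
    ip_network objects). An empty list means the design rule 'node, pod and
    Service ranges must not overlap' holds."""
    nets = [ipaddress.ip_network(str(r)) for r in ranges]
    overlaps = []
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                overlaps.append((str(a), str(b)))
    return overlaps


def classify_ip(ip):
    """Say which of the three cluster networks an address belongs to."""
    addr = ipaddress.ip_address(ip)
    if addr in POD_CIDR:
        return "pod"
    if addr in SERVICE_CIDR:
        return "service"
    if addr in NODE_CIDR:
        return "node"
    return "external"


def parse_endpoints(output):
    """Parse `kubectl get endpoints` text into {service: [(ip, port), ...]}."""
    result = {}
    for line in output.strip().splitlines()[1:]:  # skip the header row
        name, endpoints, _age = line.split()
        result[name] = []
        if endpoints == "<none>":
            continue
        for ep in endpoints.split(","):
            ip, port = ep.rsplit(":", 1)
            result[name].append((ip, int(port)))
    return result


def endpoint_networks(output):
    """For each Service, the sorted set of networks its backends live on.
    A Service whose backends are not on the pod network (here `kubernetes`,
    which fronts the API server on the node network) needs separate handling
    in firewall or NetworkPolicy rules that assume backends are pods."""
    return {name: sorted({classify_ip(ip) for ip, _ in eps})
            for name, eps in parse_endpoints(output).items()}


if __name__ == "__main__":
    print("overlapping ranges:",
          check_ranges_disjoint(NODE_CIDR, POD_CIDR, SERVICE_CIDR))
    for name, nets in endpoint_networks(ENDPOINTS_OUTPUT).items():
        print(f"{name:12} -> {', '.join(nets)}")
```

Running it against the page's output reports no overlapping ranges, puts postgres and simple-go on the pod network, and puts kubernetes on the node network. Feeding check_ranges_disjoint a pod range that sits inside a broad node range such as 10.0.0.0/8 is the kind of misconfiguration the rule exists to catch.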