Often hear people around the Kubernetes network is difficult to master, today to talk about how to quickly learn and master Kubernetes network.
Kubernetes network model
To master Kubernetes network, the most important thing is to be familiar with its basic network model. In fact, the Kubernetes network model is very simple, just master the following three points:
- Ip-per-pod: Each Pod has an independent IP address, and all containers in the Pod share a network namespace.
- All pods in the cluster are in a directly connected flat network, accessible directly over IP.
- The Service cluster IP address can be accessed only within the cluster. External requests must be accessed through NodePort, LoadBalance, or Ingress.
The three basic network models also mean:
- All containers can access each other directly without NAT.
- All nodes and all containers can access each other directly without NAT.
- The container itself sees the SAME IP as any other container.
So, you see the Kubernetes network model is very simple. Often, we think of networks as complex because of the use of custom network plug-ins, such as Calico, Cilium, etc. These network plug-ins satisfy the Kubernetes network model, but also provide a lot of additional functions. These additional features are complicated when combined with Kubernetes’ original networking capabilities.
How to master Kubernetes network
After knowing the Kubernetes network model, it is also easy to think of the knowledge points needed to master it, including:
- There are many network terms mentioned in Kubernetes network model, such as network namespace, IP, routing, NAT, LoadBalance and so on. Of course, these basic network knowledge must be mastered.
- Kubernetes mostly runs on Linux servers, so the fundamentals of Linux networking are a necessary foundation.
- Service, Ingress, NetworkPolicy in Kubernetes are resources that directly control network functions. You need to be familiar with their principles and usage methods.
- In actual use, it is usually necessary to adapt to the actual network environment through CNI plug-in, so the principle of CNI plug-in and the corresponding CNI plug-in also need to master the content.
When learning CNI network plug-in, you can start from the most basic Bridge plug-in, and gradually deepen from Pod creation and IP acquisition, communication with node Pod and then to inter-node Pod communication.
The principle of common network plug-ins can refer to the open source e-book “Kubernetes Guide” network plug-ins module.
How advanced
With this knowledge of networking in hand, you should be able to deal with common network-related problems in Kubernetes clusters. However, in complex scenarios, you may need to go further and further to be able to fully control the Kubernetes network.
Of course, the specific direction of progress is also different according to the actual needs, such as
- When you need to troubleshoot network related problems (such as performance jitter and network faults), in addition to the Linux network principles, you also need to go into the kernel to understand the implementation mechanism of the Linux kernel network protocol stack.
- When you need to get through the network connectivity between multiple clusters, in addition to the internal network principle of a single cluster, you also need to understand the multi-cluster network interconnection methods, such as dedicated line connectivity, gateways, tunnels and so on.
- When you need to govern complex microservices such as canary deployment, traffic control, network observation, and encryption of requests between services, Service Mesh is the best choice.
- When network performance is your bottleneck, eBPF, DPDK, SR-IOV, and others offer ways to bypass the kernel stack to optimize network performance.
(Image from Redhat.com)
Please refer to the Kubernetes Guide for more details and learning materials related to the Kubernetes network.
Welcome to pay attention to chat cloud native public number, learn more cloud native knowledge.