Day 2: Kubernetes Networking

Day 2: Kubernetes Networking

📍 Introduction

Kubernetes has become the go-to platform for container orchestration, and one of the key features that makes it so powerful is its networking capabilities. Kubernetes networking is a complex topic that can be difficult to understand, but it is essential to master if you want to get the most out of this container orchestration platform. In this blog post, we will take a closer look at Kubernetes networking, what it is, how it works, and why it matters.

🔹What is Kubernetes networking

Kubernetes networking is the process of configuring and managing the networking between the various components of a Kubernetes cluster. This includes the communication between pods, nodes, and services, as well as the network connectivity between the Kubernetes cluster and the outside world. In a Kubernetes cluster, each pod gets its unique IP address, which allows them to communicate with each other. Pods are grouped into services, which also have their IP addresses. Services provide a way to access pods from other parts of the cluster or the outside world.

🔹Services

A Kubernetes service is an abstraction that represents a set of pods that provide the same functionality. Services enable pods to communicate with each other, as well as with other resources in the cluster. Each service has its own IP address and port number, which are used to route traffic to the appropriate pods. Services can be exposed either within the cluster or externally.

To set up a Kubernetes service, you can create a YAML file that describes the service, including its name, selector, port, and type.

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
  - name: http
    port: 80
    targetPort: 80
  type: ClusterIP

🔹Ingress

Ingress is a Kubernetes resource that enables external access to services within a cluster. Ingress allows traffic to be routed to specific services based on URL paths or hostnames. Ingress controllers are responsible for managing ingress resources and configuring load balancers or reverse proxies to route traffic to the appropriate services.

To create an ingress resource, you can create another YAML file that describes the ingress rules.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: my-app.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              name: http

🔹Network Policies

Kubernetes network policies are a way to control traffic flow between pods in a cluster. Network policies can be used to define rules that allow or block traffic based on various criteria, such as IP addresses, ports, or labels. Network policies provide an additional layer of security and can be used to enforce compliance with regulatory requirements.

To create a network policy, you can create another YAML file that describes the policy rules.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-network-policy
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: other-app
    ports:
    - port: 80

🔹DNS

Kubernetes uses DNS to enable service discovery within a cluster. Each service is assigned a DNS name that can be used by other components in the cluster to access the service. DNS enables the dynamic discovery of services, which makes it easier to scale and manage applications in a Kubernetes environment.

To configure DNS for a Kubernetes service, you can create a DNS record that points to the service IP address. For example, if the service IP address is 10.0.0.1, you can create an A record for "my-service.my-namespace.svc.cluster.local" resolves to 10.0.0.1.

🔹CNI Plugins

Container Network Interface (CNI) plugins provide the networking infrastructure for Kubernetes clusters. CNI plugins are responsible for configuring the networking between nodes and pods, and for providing the necessary network connectivity for Kubernetes services. There are several CNI plugins available for Kubernetes, including Calico, Flannel, and Weave Net, each with its strengths and weaknesses.

To configure a CNI plugin for a Kubernetes cluster, you can install the plugin and configure it using a YAML file. For example, to install the Calico CNI plugin, you can do the following steps:

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml

Edit the CIDR for pods if it's custom

vi custom-resources.yaml

Then create a CNI plugin by running the following command

kubectl apply -f custom-resources.yaml

📍 Conclusion

Kubernetes networking is a complex topic that is essential for any Kubernetes deployment. Services, ingress, network policies, DNS, and CNI plugins are just a few of the key components that enable communication and coordination within a Kubernetes cluster. By understanding these components and their interactions, you can build and manage scalable and reliable applications in a Kubernetes environment.

Did you find this article valuable?

Support Ashutosh Mahajan's blog by becoming a sponsor. Any amount is appreciated!