** Kubernetes Certification Training: https://www.edureka.co/kubernetes-cer... **
This Edureka tutorial on "Kubernetes Networking" introduces the popular DevOps tool Kubernetes and then goes deep into Kubernetes networking concepts. The following topics are covered in this training session:
1. What is Kubernetes?
2. Kubernetes Cluster
3. Pods, Services & Ingress Networks
4. Case Study of Wealth Wizards
5. Hands-On
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
2. Kubernetes Certification Training www.edureka.co/kubernetes-certification
Topics For Today’s Session
❖ What is Kubernetes?
❖ Kubernetes Cluster
❖ Kubernetes Networking
❖ Network Plugins
❖ Case Study: Wealth Wizards
❖ Hands-On
What is Kubernetes & Who Uses it?
Open source and portable platform
Automates deployment of workloads
Groups containers for easy management
A container orchestration tool
Kubernetes Cluster
A cluster is the foundation of Kubernetes. It consists of a control plane (the API server and its companion components) and worker nodes, each running a kubelet process, onto which the workloads described in deployment files are scheduled.
Problems to Solve!!
Container-to-Container communication
Pod-to-Pod communication
Pod-to-Service communication
External-to-Service communication
Requirements of the Kubernetes Model
The Kubernetes model has a few fundamental requirements for any networking implementation:
• All containers can communicate with all other containers without NAT.
• The IP that a container sees itself as is the same IP that others see it as.
• All nodes can communicate with all containers (and vice versa) without NAT.
Note what this flat model implies: by default every Pod can reach every other Pod in the cluster. Restricting that is the job of network policies, which is what the Wealth Wizards case study later in this session is about.
Kubernetes Networking
Kubernetes is a powerful platform with many design choices. To understand networking in a Kubernetes cluster, you need to understand how communication works at three levels: between Pods, between Pods and Services, and between the cluster and the external world.
1. Containers and Pods
2. Services
3. Ingress Network
What are Pods?
[Diagram: a host with eth0 10.100.0.2 and the docker0 bridge 172.17.0.1; Container 1 is attached through veth0 with 172.17.0.2 and Container 2 through veth1 with 172.17.0.3, i.e. plain Docker networking where each container gets its own interface and IP address.]
A Pod consists of one or more containers that are co-located on the same host and are configured to share a network stack and other resources such as volumes.
Pods: Virtual Network Interface
Docker can start a container and, rather than creating a new virtual network interface for it, specify that it shares an existing interface (the network namespace of another container).
[Diagram: the same host (eth0 10.100.0.2, docker0 172.17.0.1), but Container 1 and Container 2 now share a single veth0 with the one address 172.17.0.2.]
Pods: Pause
The pause container calls pause(), which suspends the process until a signal is received. So these containers do nothing at all except sleep until Kubernetes sends them a signal. Their job is to own the Pod's network namespace: the application containers join it, so every container in the Pod shares one interface, one IP address and one port space, and can reach the others over localhost.
[Diagram: host eth0 10.100.0.2 and docker0 172.17.0.1; the pause container holds veth0 172.17.0.2, and Container 1 and Container 2 share that interface.]
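An added example (not from the Edureka deck) of what sharing the pause container's network namespace means in practice: the two containers below live in one Pod, so the probe sidecar reaches the web server over 127.0.0.1 without a Service or even the Pod IP. The Pod name, images and tags are assumptions.

```yaml
# Added example, not part of the original deck: two containers that share one
# network namespace (held open by the pause container), so localhost is common.
apiVersion: v1
kind: Pod
metadata:
  name: shared-netns-demo          # assumed name
  labels:
    app: shared-netns-demo
spec:
  containers:
    - name: web
      image: nginx:1.25            # assumed image tag
      ports:
        - containerPort: 80        # one port space per Pod: nothing else in the Pod may bind :80
    - name: probe
      image: curlimages/curl:8.5.0 # assumed image tag; the image ships /bin/sh
      command: ["sh", "-c"]
      args:
        - |
          # Same netns as "web": 127.0.0.1:80 is the nginx container, and both
          # containers see the same eth0 address (the Pod IP).
          while true; do
            curl -s -o /dev/null -w 'web via localhost: %{http_code}\n' http://127.0.0.1:80/ || true
            sleep 10
          done
```

After `kubectl apply -f shared-netns-demo.yaml`, `kubectl logs shared-netns-demo -c probe` prints `web via localhost: 200` every ten seconds, and `kubectl get pod shared-netns-demo -o wide` shows a single IP for the whole Pod. The security consequence is the flip side of the convenience: inside a Pod, localhost is not an isolation boundary. A compromised sidecar can connect to every port the main container opens on any interface (and, if it has CAP_NET_RAW, sniff them), so a sidecar carries the same trust as the application it sits beside.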
Pod Network: Intra-Node Communication
[Diagram: the Pod1 network (eth0) and the Pod2 network (eth0) are attached through the veth pairs veth0 and veth1 to the bridge cbr0 in the root network namespace of the node.]
1. The packet leaves the Pod1 network and enters the root network at veth0.
2. The bridge cbr0 discovers the destination using an ARP request.
3. Now the bridge knows where to forward the packet.
4. The packet reaches veth1 and enters the Pod2 network.
Pod Network: Inter-Node Communication
[Diagram: Pod1 on node1 and Pod4 on node2, each attached through a veth pair to its node's cbr0 bridge; the two nodes are connected over the cluster network.]
1. The packet leaves the Pod1 network and enters the root network of node1.
2. It makes an ARP request to find the destination.
3. The bridge takes the packet.
4. The packet comes out of cbr0 to the main network interface.
5. It leaves the machine node1.
6. The network routes the packet to the node that owns the destination address (node2).
7. On node2 the packet is forwarded to cbr0.
8. The packet crosses the pipe pair and reaches Pod4.
Clients Connecting to Proxy
A proxy that fronts a set of Pods:
• Must be durable and resistant to failure.
• Must have a list of servers it can forward to.
• Must have some way of knowing if a particular server is healthy and able to respond to requests.
[Diagram: clients connect to the proxy, which forwards to Pod 1, Pod 2 and Pod 3 of the application (addresses 192.168.10.0 to 192.168.10.3).]
What is a Service?
A Service is a Kubernetes resource that forwards requests to a set of Pods selected by label. A Service has a stable virtual IP address and a DNS name; traffic sent to it is load-balanced by the kube-proxy rules on each node across the Pods that are currently healthy (Ready), so clients never have to track Pod IPs, which change whenever a Pod is rescheduled.
[Diagram: Service "Service1" with ClusterIP 10.2.10.20, port 9443/TCP and NodePort 32001, on a node with IP 172.17.8.102, forwarding to Pod 1, Pod 2 and Pod 3.]
Service Types
ClusterIP
• Exposes the Service on a cluster-internal IP.
• Makes the Service reachable only from within the cluster.
• This is the default Service type.
NodePort
• Exposes the Service on each node's IP at a static port (the NodePort).
• A ClusterIP Service, to which the NodePort Service routes, is automatically created.
LoadBalancer
• Exposes the Service externally using a cloud provider's load balancer.
• NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.
ExternalName
• Maps the Service to the contents of the externalName field by returning a CNAME record with its value.
• No proxying of any kind is set up.
What is an Ingress Network?
An Ingress is a collection of rules that allow inbound connections to reach cluster Services. It can be configured to give Services externally reachable URLs, load-balance traffic, terminate TLS, or offer name-based virtual hosting. The rules only take effect when an Ingress controller is running in the cluster; the Ingress object by itself does nothing.
Case Study: Wealth Wizards
CHALLENGES
✓ The policies the company used were application-oriented and could only evolve with the applications, but there was no component to enforce these policies on the network.
SOLUTION
✓ Use a network plugin that creates a virtual network and ships a network policy controller to manage and enforce the rules in Kubernetes. It also connects Docker containers across multiple hosts and enables their automatic discovery.
RESULT
✓ The plugin manages inter-pod routing and has access to manipulate the iptables rules, so it implements the access restrictions defined by the network policies.
Hands-On
Deploy a multi-tier application over Kubernetes networking to show pod-to-pod communication through Services.
[Diagram: deployment file 1 creates Pod 1 running container image 1; deployment file 2 creates Pod 2 running container image 1; the two Pods talk to each other through Services.]
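Below is an added example of such a multi-tier deployment (not the deck's own hands-on files) that also exercises the Service types from the earlier slide: the backend is reachable only on a ClusterIP (the default type), the frontend is exposed on every node at 32001 (the NodePort shown in the Service diagram), and an ExternalName Service points at an outside host. It assumes a namespace `shop` already exists; the image names, the `/healthz` endpoint and the external hostname are assumptions.

```yaml
# Added example, not the deck's hands-on files. Assumes namespace "shop" exists.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: shop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend            # the Service below selects on this label
    spec:
      containers:
        - name: api
          image: registry.example.com/shop/api:1.0   # assumed image
          ports:
            - containerPort: 8080
          readinessProbe:       # only Ready Pods are put behind the Service
            httpGet:
              path: /healthz    # assumed to exist in the image
              port: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: backend
  namespace: shop
spec:
  # "type" omitted => ClusterIP: reachable only inside the cluster, by virtual IP
  # or by the DNS name backend.shop.svc.cluster.local
  selector:
    app: backend
  ports:
    - protocol: TCP
      port: 8080                # port clients use on the Service
      targetPort: 8080          # port on the Pod
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  namespace: shop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
        - name: web
          image: registry.example.com/shop/web:1.0   # assumed image
          env:
            - name: API_URL     # pod-to-pod traffic goes through the backend Service
              value: http://backend.shop.svc.cluster.local:8080
          ports:
            - containerPort: 8443
---
apiVersion: v1
kind: Service
metadata:
  name: frontend
  namespace: shop
spec:
  type: NodePort                # a ClusterIP is created too; the NodePort routes to it
  selector:
    app: frontend
  ports:
    - name: https
      protocol: TCP
      port: 9443                # Service port, as in the deck's diagram
      targetPort: 8443          # container port
      nodePort: 32001           # static port on every node IP, as in the deck's diagram
---
apiVersion: v1
kind: Service
metadata:
  name: payments-gateway
  namespace: shop
spec:
  type: ExternalName            # DNS CNAME only: no ClusterIP, no endpoints, no proxying
  externalName: payments.partner.example   # assumed external host
```

Changing `type: NodePort` to `type: LoadBalancer` on the frontend Service is all it takes for a cloud provider to provision an external load balancer that forwards to the NodePort. To confirm the wiring, `kubectl get endpoints -n shop backend` lists only the Ready backend Pod IPs, a Pod inside the cluster can `curl http://backend.shop.svc.cluster.local:8080/`, and from outside only `https://<node-ip>:32001/` answers. The caveat: a NodePort opens 32001 on every node's IP, including nodes that run no frontend Pod and any node with a public address, so it needs the same perimeter firewalling as any other listener. ExternalName returns a CNAME, so a client that verifies TLS against the Service name will fail; it must verify against the external name.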
Ingress
• Ingress is an API object that manages external access to the Services in a cluster, usually over HTTP(S).
• Services and Pods have IPs that are only routable within the cluster.
• It acts as the entry point to the Kubernetes cluster.
• It sits in front of multiple Services and acts as a 'smart router'.
• Ingress is the most flexible way of exposing HTTP Services: one entry point, many Services behind it.
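An added example (not from the deck) of an Ingress acting as the 'smart router' described above: one hostname, TLS terminated at the entry point, and two paths routed to two different Services. The namespace, hostname, Service names and the TLS Secret are assumptions; the `ssl-redirect` annotation is specific to the ingress-nginx controller.

```yaml
# Added example, not part of the original deck. Assumes Services "frontend" (port 80)
# and "backend" (port 8080) exist in namespace "shop" and that an ingress-nginx
# controller is installed with IngressClass "nginx".
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress
  namespace: shop
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"   # ingress-nginx specific: HTTP -> HTTPS
spec:
  ingressClassName: nginx         # must match an installed controller or nothing happens
  tls:
    - hosts: ["shop.example.com"]
      secretName: shop-example-com-tls   # Secret of type kubernetes.io/tls (tls.crt + tls.key)
  rules:
    - host: shop.example.com      # name-based virtual hosting: other Host headers are not matched
      http:
        paths:
          - path: /api
            pathType: Prefix      # /api and /api/... go to the backend
            backend:
              service:
                name: backend
                port:
                  number: 8080
          - path: /
            pathType: Prefix      # everything else goes to the frontend
            backend:
              service:
                name: frontend
                port:
                  number: 80
```

Check it with `kubectl get ingress -n shop shop-ingress`: the ADDRESS column stays empty until a controller has picked the object up. Two points worth keeping in mind. The Ingress can only reference Services in its own namespace. And TLS terminates at the controller, so the hop from the controller Pod to the application Pods is plaintext on the cluster network unless the backend is itself configured for TLS; the cluster's own network policies and plugin decide who can see that hop.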