Kubernetes networking can be intricate and challenging, with concepts extending beyond Kubernetes-specific aspects covered in the Container Orchestration chapter.
Four Kubernetes Networking Problems:
Container-to-Container Communications:
Addressed by the Pod concept, as detailed later.
Pod-to-Pod Communications:
Resolved through an overlay network.
Pod-to-Service Communications:
Implemented by kube-proxy and packet filter on the node.
External-to-Service Communications:
Implemented by kube-proxy and packet filter on the node.
Three Key Networking Requirements:
All pods can communicate with each other across nodes.
All nodes can communicate with all pods.
No Network Address Translation (NAT).
Networking Implementation Options in Kubernetes:
Network Vendors:
Project Calico
Weave
Cilium
Automatic IP Address Assignment in Kubernetes:
Every Pod in Kubernetes is assigned its own IP address without manual configuration.
CoreDNS, a DNS server add-on, is commonly included in Kubernetes setups for service discovery and name resolution within the cluster.
Network Policies in Kubernetes:
Control at IP and Port Level:
If control over traffic flow at the IP address or port level is desired.
Implementation:
Network Policies act as cluster-internal firewalls.
Defined for a set of pods or a namespace using a selector to specify allowed traffic.
IP-based Network Policies use IP blocks (CIDR ranges).
Implementation Responsibility:
Network Policies are implemented by the network plugin.
Requires a networking solution supporting NetworkPolicy; creating a NetworkPolicy resource without a compatible controller has no effect.