Programming with Kubernetes/

...

/

Understanding the Kubernetes Networking Model

Understanding the Kubernetes Networking Model

Understand the container networking model in Kubernetes.

We'll cover the following...

Overview

In Kubernetes, the CNI is seamlessly integrated with kubelet to allow configurable networks between Pods. The network could be overlay or underlay. The overlay network encapsulates the network traffic using a virtual interface like VxLan, while the underlay network works at the physical layer composed of switches and routers. This decoupling gives us more freedom to choose appropriate network solutions and keeps the Pods portable to heterogeneous infrastructures.

No matter what the underlying infrastructure or network is, the Pods are accessible and can communicate with each other. Before we dive into how the CNI works, it’s worth discussing the Kubernetes networking model. This model is not only a design philosophy, but also has a close relationship with the CNI.

The Kubernetes networking model

As we know, the smallest deployable and schedulable unit is a Pod. One or more containers are grouped into one Pod. Such a design can support multiple cooperating processes for a cohesive unit called a Service. Each process runs in a separate container. Multiple containers serve as a standalone Service or application.

These applications share all the resources in the Kubernetes cluster, including the CPU, memory, and network. However, we can’t run applications with the same port on the same node. This is physically impossible. Typically, we need to ensure that two applications on the same node are using non-conflicting ports. Using dynamic port allocation brings a lot of complications, such as how to assign ports dynamically on each node under high concurrency, how to notify other service consumers on the ports, how to maintain the configuration blocks on the changing dynamic port numbers, and so on. To solve these complications, Kubernetes takes an opinionated approach to container networking. In particular, Kubernetes strictly stipulates that any network implementations should follow the guidelines below.

  • Every Pod gets its own IP address. The IP address that a Pod sees itself as is exactly the same IP that other Pods see it as. This is the most important and fundamental design philosophy in the ...