Kubernetes

Kubernetes Networking

Challenges:

  • Where to run -> k8s includes a scheduler to pick nodes
  • how to communicate with each other -> ensures communication in face of changes
  • scaling the service -> has constructs to support scaling
  • handling failure -> monitors and can restart containers

Use

You can use kind for local testing on a single host (k8s in docker).

kubectl is the management utility for controlling clusters. .kube/config tells the utility to send API calls to the control plane container.

Pod:

  • A Pod is the unit of work in Kubernetes
  • Often a single container, but can be multiple containers
  • Receives a unique IP address in the Kubernetes Cluster

Base fields for k8s resource:

aipVersion:
kind:
metadata:
spec:

kubectl port-forward pod/something 8000:80 for simple networking (expose internal ip to outside network)

Deployment

A deployment is a type of "Controller" that changes the actual state to the desired state at a controlled rate.

Usually controls another controller (like replica set)

Service

A service is an abstraction which defines a logical set of Pods and a policy by which to access them

Load balance between pods.

Architecture

Control Plane and Workers

Everything is grouped in 'Namespaces' which are a k8s thing.

Kubelet (creates containers and sets up pods) is the only system that runs on the machine, everything else is pods. Registers the node it's running on by creating a node resource in the API server. Runs liveness probes. Deletes containers. Can run static pods.

etcd is a distributed key value store using RAFT consensus algorithm to store state of K8s cluster.

API Server provides a CRUD interface for querying and modifying the cluster state over a REST API, stores the state in etcd.

All components listen to the API Server over http.

Scheduler waits for newly created pods then assigns a node to each new pod. Filter feasible nodes, score the remaining nodes. Broken into 11 extension points.

Controller Manager runs multiple controllers as processes performing various reconciliation tasks.

Networking

Needed communication:

  • pod to pod

Each pod gets an IP address. Container Network Interface (CNI) calls a network plugin to set up the networking for that Pod. A popular plugin is called flannel which creates veth pairs and uses VXLAN tunneling or GRE tunneling to connect physical nodes.

  • pod to pods

Services have an IP address and load balance to pods. Kube-proxy is a component that is an interface to iptables or ipvs. You can load balance with iptables with the 'statistic' module.

  • pod to external service

Services can be defined with type "ExternalName" which will point to an external service.

  • external service to internal service

Ingress and Ingress Controller are two components that handle load balancing and provide routing rules. The controller sits ahead of the ingress component.

Creating a networking plugin

Network Plugins have to implement the CNI spec. When Kubelet creates a pod via the container runtime it will then invoke the network plugin following the CNI spec to set up networking for the new pod.

  • It'll check /etc/cni/net.d for configuration files.
  • Looks for an executable labeled type: ptp. Executable implements CNI

Suggested next step: eBPF

GitHub LinkedIn