Home

Kubernetes network

Container-to-Container Communication Inside Pods.

A container runtime creates an isolated network space for each container it starts.
On Linux, that isolated network space is referred to as a network namespace.
When a Pod is started, a network namespace is created inside the Pod.
All containers runnings inside the Pod will share that network namespace so that they can talk to each other via localhost.

cluster Pods are scheduled on nodes randomly.
Pods are expected to be able to communicate with all other Pods in the cluster without implementation of Network Address Translation.
k8s treats Pods as VMs on a network.
As if each VM receives an IP address - thus each Pod receiving an IP address too.
This is called IP-per-Pod
Pod-to-Pod communication is like VMs communicate to each other.
Containers share the Pod's network namespace and must coordinate ports assignment inside the Pod just as application would on a VM.
Container can still communicate to each other via localhost inside a Pod.
Containers are also integrated with the overall K8s network model through the use of the Container Network Interface (CNI)
CNI = a set of specification + libraries.
CNI allow plugins to configure the networking for container.
CNI has core plugin.
CNI has 3rd-party Software Defined Networking (SDN) solutions implementing the k8s networking model.
Some plugin offer support for Network Policies.
Only a few solutions availiable
- Flannel
- Weave
- Calico
The container runtime offloads the IP assignment to CNI.
CNI, in turn, connects to the underlying configured plugin such as Bridge or MACvlan to get the IP address.
Once the IP address is given by the respective plugin, CNI forwards it back to the requested container runtime.
cluster-administration > networking