Notes from episode 2 of TGIK: Networking and Services
Over the past few months I’ve been trying to learn everything there is to know about Kubernetes. Kubernetes is an amazing technology for deploying and scaling containers, but it comes at a cost: it’s an incredibly complex piece of software with a ton of bells and whistles to become familiar with. One way I’ve found to come up to speed is Joe Beda’s weekly TGIK live broadcast. It airs each Friday at 4PM EST and is chock-full of fantastic information. In episode two Joe goes into Kubernetes networking. You can watch it here:
Here are some of my takeaways from the episode:
Each pod is assigned a unique IP.
Assigning a unique IP per pod helps overcome the challenges associated with sharing ports on a machine.
Communication takes three forms:
Pod to pod
Pod to host
Host to pod
Outbound traffic from the cluster to external entities works out of the box via NAT.
Inbound connectivity to pods requires some extra plumbing.
Kubernetes has built-in service discovery via the endpoints API.
CNI provides specifications and libraries to configure network interfaces in Linux containers.
CNI IPAM is how IPs (from the pod CIDR) are allocated and managed on the host.
Services and deployments utilize labels to coordinate their efforts.
Deployments use the “selector:” field to pick the containers that the service will point to.
Multiple types of services (5 types of objects):
None (clusterIP: None, so no cluster IP is allocated)
ClusterIP - exposes the service on a cluster-internal IP which is only accessible from the cluster.
NodePort - exposes a port on each node that forwards to the service.
LoadBalancer - creates an external load-balancer and configures it to point to the NodePort on each worker node.
ExternalName - provides a way to return an alias to an external service residing outside the cluster.
ClusterIPs are picked from the service network and kube-proxy maps the service IP to a set of endpoints with iptables.
ClusterIPs live for the life of a service. They don’t change.
DNS names take the following format (CLUSTER_DOMAIN is configured with --cluster-domain):
NAME.SVC.NAMESPACE.CLUSTER_DOMAIN
Services can be exposed with the kubectl expose command:
$ kubectl expose deployment kuard --type=ClusterIP --target-port=8080 --port 80
service “kuard” exposed
Things I need to learn more about:
Learn more about the endpoint service discovery API.
Learn more about the CNI API.
Study iptables-save to see how pods and services are stitched together.
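The "kube-proxy maps the service IP to a set of endpoints with iptables" point above is exactly what an iptables-save dump lets you trace. The following script is an added example (not from the episode or the post): it walks the KUBE-SERVICES -> KUBE-SVC -> KUBE-SEP -> DNAT chain for each ClusterIP in a constructed dump, and flags services that route to no pod at all. Chain suffixes, addresses and the "noep" service are made up; real kube-proxy chain names are hashed.

```python
import re
from collections import defaultdict

# Constructed sample of `iptables-save` output, modelled on the rules kube-proxy
# (iptables mode) writes for ClusterIP services. The chain suffixes, addresses
# and the "noep" service are made up for this example.
IPTABLES_SAVE = """\
*filter
-A KUBE-SERVICES -d 10.96.45.13/32 -p tcp -m comment --comment "default/noep: has no endpoints" -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.96.45.12/32 -p tcp -m comment --comment "default/kuard: cluster IP" -m tcp --dport 80 -j KUBE-SVC-EXAMPLE0000000001
-A KUBE-SVC-EXAMPLE0000000001 -m comment --comment "default/kuard:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-EXAMPLE000000000A
-A KUBE-SVC-EXAMPLE0000000001 -m comment --comment "default/kuard:" -j KUBE-SEP-EXAMPLE000000000B
-A KUBE-SEP-EXAMPLE000000000A -s 10.244.1.7/32 -m comment --comment "default/kuard:" -j KUBE-MARK-MASQ
-A KUBE-SEP-EXAMPLE000000000A -p tcp -m comment --comment "default/kuard:" -m tcp -j DNAT --to-destination 10.244.1.7:8080
-A KUBE-SEP-EXAMPLE000000000B -s 10.244.2.3/32 -m comment --comment "default/kuard:" -j KUBE-MARK-MASQ
-A KUBE-SEP-EXAMPLE000000000B -p tcp -m comment --comment "default/kuard:" -m tcp -j DNAT --to-destination 10.244.2.3:8080
COMMIT
"""

# The three rule shapes that stitch a service to its pods:
# service IP -> KUBE-SVC chain, KUBE-SVC -> KUBE-SEP (one per endpoint), KUBE-SEP -> DNAT.
SVC_RE = re.compile(r'^-A KUBE-SERVICES -d (\S+?)/32 -p (\w+) .*--dport (\d+) -j (\S+)')
JUMP_RE = re.compile(r'^-A (KUBE-SVC-\S+) .* -j (KUBE-SEP-\S+)')
DNAT_RE = re.compile(r'^-A (KUBE-SEP-\S+) .* -j DNAT --to-destination (\S+)')

def service_endpoints(dump):
    """Return {"clusterip:port/proto": [pod "ip:port" targets]} from an iptables-save dump.
    A service whose KUBE-SERVICES rule jumps anywhere but a KUBE-SVC chain (kube-proxy
    installs a REJECT rule when a service has no endpoints) maps to an empty list."""
    svc_chain = {}                   # "ip:port/proto" -> KUBE-SVC chain, or None
    sep_chains = defaultdict(list)   # KUBE-SVC chain -> [KUBE-SEP chains]
    dnat = {}                        # KUBE-SEP chain -> "podip:port"
    for line in dump.splitlines():
        if m := SVC_RE.match(line):
            ip, proto, port, target = m.groups()
            svc_chain[f"{ip}:{port}/{proto}"] = target if target.startswith("KUBE-SVC-") else None
        elif m := JUMP_RE.match(line):
            sep_chains[m.group(1)].append(m.group(2))
        elif m := DNAT_RE.match(line):
            dnat[m.group(1)] = m.group(2)
    return {svc: [dnat[sep] for sep in sep_chains.get(chain, []) if sep in dnat]
            for svc, chain in svc_chain.items()}

def unbacked_services(dump):
    """ClusterIPs that currently route to no pod; worth alerting on when they appear unexpectedly."""
    return sorted(svc for svc, eps in service_endpoints(dump).items() if not eps)
```

Feed it the real output of `iptables-save` on a node and each ClusterIP resolves to the pod IP:port pairs kube-proxy DNATs to, which you can then cross-check against `kubectl get endpoints`.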
This article was posted by Matty on 2018-02-04 18:43:54 -0500