
How to analyze the concept of Kubernetes Network

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

Many newcomers are unclear about how to analyze the concept of the Kubernetes network. This article explains it in detail for readers who need it.

The Kubernetes network is a core concept in Kubernetes. In short, the Kubernetes network model ensures that all Kubernetes Pods on the cluster can communicate. In addition, other core Kubernetes concepts, namely Kubernetes Services and Kubernetes Ingress, build on the Kubernetes network model.

The Kubernetes network will be explored using a system model approach. We will develop a simple model to understand the communication between containers and between Pods.

How to treat the network

There is no doubt that the network is an extremely extensive and complex field, which requires years of theoretical accumulation and practice to master. In this article, we will sort out the network at the conceptual level and do not cover the details of the implementation level for the time being.

Ideal network model

The above figure describes the network as a Network Graph, which consists of a set of nodes and links between nodes. One node can exchange information with another node if and only if there is a link between them.

Message exchange framework

One node, the source node, exchanges messages with another node, the destination, by putting the message into the destination's input queue. The message exchange is represented by the Send Event, Send·M, observed at the source node and the corresponding Receive Event, Recv·M, observed at the destination node.

Message exchange behavior

Each node in the network is either a Process or a Switch. A Process generates and consumes messages, and a Switch processes messages according to its forwarding information base (FIB).

Forwarding Information Base (FIB) for S1 and S2

The figure above depicts the forwarding information bases (FIB) of Switches S1 and S2. When a message is received, each Switch queries its forwarding information base to decide whether to deliver, forward, or discard the message.

A Switch matches the header of the message (source address, source port, destination address and destination port) against its forwarding information base and performs the associated action. The default action is discard.

Kubernetes network model

The Kubernetes network model is a descriptive network model, that is to say, any network that meets the specification of the Kubernetes network model is a Kubernetes network.

However, Kubernetes does not specify how to implement the network model. In fact, there are many alternative implementations on the market, called network plug-ins.

This section describes the Kubernetes network model with a set of constraints on message exchange.

Constraint: network addressable entity

The Kubernetes network model defines three addressable entities: K8S pod, K8S node, and K8S Service, each of which is assigned a different IP address.

(K8s-Pod(E1) ∨ K8s-Node(E1) ∨ K8s-Service(E1)) ∧ (K8s-Pod(E2) ∨ K8s-Node(E2) ∨ K8s-Service(E2)): addr(E1, a) ∧ addr(E2, a) ⟺ E1 = E2

However, the network model does not make any further statements about these IP addresses. For example, the Kubernetes network model does not make any further statement about the IP address spaces from which these IP addresses are drawn.

Constraint: communication between containers

The Kubernetes network model requires that container C1 executed in the context of Pod P can communicate with other containers C2 executed in the context of P through localhost.

K8s-Pod(P) ∧ K8s-Container(C1, P) ∧ K8s-Container(C2, P): open(C2, p) ⟹ Send(e, C1, 127.0.0.1, _, 127.0.0.1, p) ⟹ Recv(e, C2, 127.0.0.1, _, 127.0.0.1, p)

Constraint: Pod to Pod

The Kubernetes network model requires that container C1 executed in the context of Pod P1 can communicate with other containers C2 executed in the context of P2 through the address of P2.

K8s-Pod(P1) ∧ K8s-Container(C1, P1) ∧ K8s-Pod(P2) ∧ K8s-Container(C2, P2): addr(P1, sa) ∧ addr(P2, ta) ∧ open(C2, tp) ⟹ Send(e, C1, sa, sp, ta, tp) ⟹ Recv(e, C2, sa, sp, ta, tp)

Constraint: Process to Pod

The Kubernetes network model requires that a Process hosted on node N, called Daemon D, can communicate with any container C hosted in the context of Pod P on N through the address of P.

K8s-Node(N) ∧ K8s-Daemon(D) ∧ K8s-Pod(P) ∧ K8s-Container(C, P): host(N, D) ∧ host(N, P) ∧ addr(P, a) ∧ open(C, p) ⟹ Send(e, D, _, _, a, p) ⟹ Recv(e, C, _, _, a, p)

Kubernetes network as Network Graph

This section describes the Kubernetes network model as a Network Graph, using the ideal network model introduced above.

The following figure describes the use case in this section: Kubernetes cluster K1 consists of two nodes. Each node hosts 2 Pods. Each Pod executes 2 containers, one container listening on port 8080 and one container listening on port 9090. In addition, each node hosts 1 Daemon.

We can model the Kubernetes cluster network as a Graph with a set of nodes and a set of links.

Node

Each K8s container C maps to network Process C

K8s-Pod(P) ∧ K8s-Container(C, P): Process(C)

Each Daemon D maps to network Process D

K8s-Daemon(D): Process(D)

Each K8s Pod P maps to network Switch P, the Pod's Switch

K8s-Pod(P): Switch(P)

Each K8s node N maps to network Switch N, the node's Switch

K8s-Node(N): Switch(N)

Link

Each container C is linked to its Pod Switch P

K8s-Pod(P) ∧ K8s-Container(C, P): link(C, P)

Each Daemon D is linked to its node Switch N

K8s-Node(N) ∧ K8s-Daemon(D): host(N, D) ⟹ link(D, N)

Each Pod Switch P is linked to its node Switch N

K8s-Node(N) ∧ K8s-Pod(P): host(N, P) ⟹ link(P, N)

Each node Switch N1 is linked to every other node Switch N2

K8s-Node(N1) ∧ K8s-Node(N2): N1 ≠ N2 ⟹ link(N1, N2)

Forwarding information base of a Pod Switch

Forwarding information base of P2

1. Delivery on localhost

K8s-Pod(P) ∧ K8s-Container(C, P): open(C, p) ⟹ [* * 127.0.0.1 p Deliver(C)] in FIB[P]

2. Delivery on Pod address

K8s-Pod(P) ∧ K8s-Container(C, P): addr(P, a) ∧ open(C, p) ⟹ [* * a p Deliver(C)] in FIB[P]

3. Local forwarding rule

K8s-Node(N) ∧ K8s-Pod(P): host(N, P) ⟹ [* * * * Forward(N)] in FIB[P]

Forwarding information base of a node Switch

Forwarding information base of N2

Node to Pod forwarding rule

K8s-Node(N) ∧ K8s-Pod(P): host(N, P) ∧ addr(P, a) ⟹ [* * a * Forward(P)] in FIB[N]

Node to node forwarding rule

K8s-Node(N1) ∧ K8s-Node(N2) ∧ K8s-Pod(P): N1 ≠ N2 ∧ host(N2, P) ∧ addr(P, a) ⟹ [* * a * Forward(N2)] in FIB[N1]

Example

This section uses a few examples to walk through the life of a message (Life of a Message) in Kubernetes cluster network K1.

Container to container

Container C1.1 needs to communicate with container C1.2:

C1.1 executes in the context of P1

C1.2 executes in the context of P1

C1.1 reaches C1.2 via 127.0.0.1:9090

Pod-to-Pod communication within a node

Container C1.1 needs to communicate with C3.1:

C1.1 executes in the context of P1 on node N1

C3.1 executes in the context of P3 on node N1

C1.1 reaches C3.1 via 10.1.1.2:8080

Pod-to-Pod communication between nodes

Container C1.1 needs to communicate with container C2.1:

C1.1 executes in the context of P1 on node N1

C2.1 executes in the context of P2 on node N2

C1.1 reaches C2.1 via 10.1.2.1:8080

Daemon to Pod communication

Daemon D1 needs to communicate with container C1.1:

D1 is hosted on node N1

C1.1 executes in the context of Pod P1, which is hosted on node N1

D1 reaches C1.1 via 10.1.1.1:8080
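The four message lives above can be reproduced by building the Pod and node forwarding information bases from the rules in this article and following the lookups hop by hop. The following is an added example, not code from the original article; the address of P4 (10.1.2.2), the names of the containers not mentioned in the examples, first-match rule order and the hop limit are assumptions.

```python
# Constructed cluster K1: addresses of P1, P2, P3 come from the article's
# examples; P4's address is an assumption.
NODES = {"N1": {"P1": "10.1.1.1", "P3": "10.1.1.2"},
         "N2": {"P2": "10.1.2.1", "P4": "10.1.2.2"}}
PORTS = (8080, 9090)  # container Cx.1 listens on 8080, Cx.2 on 9090

def build_fibs(nodes):
    """Return {switch: [(dst_addr, dst_port, action, target)]}; None means '*'."""
    fib = {}
    for n, pods in nodes.items():
        fib[n] = []
        for p, addr in pods.items():
            rules = []
            for i, port in enumerate(PORTS, 1):
                c = f"C{p[1:]}.{i}"
                rules.append(("127.0.0.1", port, "deliver", c))  # 1. localhost
                rules.append((addr, port, "deliver", c))         # 2. Pod address
            rules.append((None, None, "forward", n))             # 3. local forwarding
            fib[p] = rules
            fib[n].append((addr, None, "forward", p))            # node to Pod
        for other, other_pods in nodes.items():
            if other != n:                                       # node to node
                fib[n] += [(a, None, "forward", other) for a in other_pods.values()]
    return fib

def route(fib, first_switch, dst_addr, dst_port, max_hops=8):
    """Follow first-match FIB lookups from first_switch; return the hops taken."""
    path, switch = [first_switch], first_switch
    for _ in range(max_hops):
        for addr, port, action, target in fib[switch]:
            if addr in (None, dst_addr) and port in (None, dst_port):
                break
        else:
            return path + ["discard"]   # no rule matched: default is discard
        path.append(target)
        if action == "deliver":
            return path
        switch = target
    # A Pod address with no open port bounces between Pod and node Switch
    # under the rules as written; the hop limit turns that into a discard.
    return path + ["discard"]
```

A container's first Switch is its Pod Switch and a Daemon's is its node Switch, so `route(build_fibs(NODES), "P1", "10.1.2.1", 8080)` traces the inter-node example and `route(build_fibs(NODES), "N1", "10.1.1.1", 8080)` traces the Daemon example.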

The Kubernetes network model is a permissive network model, that is to say, any network that satisfies the constraints of the Kubernetes network model is a valid Kubernetes network.

Mapping the Kubernetes network model to a Network Graph enables us to reason about the network at the conceptual level and to skip the many details required for reasoning at the implementation level.
