Shulou(Shulou.com)05/31 Report--

This article mainly explains "what are the basic contents of Kubernetes network". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what are the basic contents of Kubernetes network"?

The basic deployment scheduling unit of Kubernetes network: Pod

The basic snap-in in Kubernetes is not a container, but something called pod. We think of an environment where one or more containers are deployed as an pod unit. Typically, they represent a single functional endpoint that provides partial services.

Take two valid pods units as examples:

Database pod-a single MySQL container

Web pod-A container containing an python instance and a container containing a Redis database

Pods has the following common features:

They share resources-including network stacks and namespaces

Pod contains an IP address for client connections

The configuration of pod defines any public port and which container occupies that port

All containers in pod can interact through any port in the network (these containers are referenced locally, so you need to ensure that services in pod have unique ports)

Kubernetes Service (Kubernetes Services)

The Kubernetes service is located behind the load balancer and is responsible for managing multiple identical pods. Instead of connecting to the IP of each pod, the client connects directly to the IP address of the load balancer. The Kubernetes service defines your application as a service, allowing Kubernetes to dynamically expand the number of pod based on defined rules and actual available resources.

If you want the application to be accessed by clients outside the Kubernetes infrastructure, the only way is to define the application as part of the service. Whether you extend the node or not, you need the Kubernetes service to assign an external IP address.

Label (Labels)

A tag is a set of key-value pairs in Kubernetes that act on an object, such as pods, and need to be meaningful and relevant.

In the standard configuration of Kubernetes, tags do not directly affect the core operations related to Kubernetes, but are mainly used to group and identify objects.

Network Security (Network Security)

Below we will introduce some of the web plug-ins recommended by Kubernetes that use the tags we mentioned in the previous section. Using tags, they can change certain functions while the container is running. Most of the network plug-ins used in Kubernetes are based on the Container Network Interface (Container Networking Interface, CNI) specification, which is developed by Cloud Native Computing Foundation (CNCF). CNI allows the same network plug-ins to be used in multiple container platforms. Now we use a method to adjust the network security policy, which does not set everything in advance like the traditional network or security team model, but uses tags to adjust the correct network policy while the container is running (the container changes so frequently that it is difficult to intervene manually). At present, this method has become a part of Kubernetes Network Special Internet Group (Network SIG). Today, we have several network plug-ins available to apply network policies to namespaces and pods, including OpenContrail and Project Calico.

With this new approach, Kubernetes administrators can import all pre-prepared policies, and developers are responsible for adjusting and choosing policies according to their needs, all of which are defined and implemented in pod.

Example of network policy:

POST / apis/net.alpha.kubernetes.io/v1alpha1/namespaces/tenant-a/networkpolicys/ {"kind": "NetworkPolicy", "metadata": {"name": "pol1"}, "spec": {"allowIncoming": {"from": [{"pods": {"segment": "frontend"}}] "toPorts": [{"port": 80, "protocol": "TCP"]}, "podSelector": {"segment": "backend"}

Example of pod configuration with network policy definition:

ApiVersion: v1kind: Podmetadata: name: nginx labels: app: nginx segment: frontendspec: containers:-name: nginx image: nginx ports:-containerPort: 80 Thank you for your reading. The above is the content of "what are the basic contents of Kubernetes Network?" after the study of this article, I believe you have a deeper understanding of what is the basic content of Kubernetes network, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.