K8s practice 10:docker Bridge and pod connection Network structure 01/17 Update SLTechnology News&Howtos

K8s practice 10:docker Bridge and pod connection Network structure

2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

1.1

Components used

Network namespacebridgeveth pair

Note: all commands are tested on the cluster master node.

1.2

Network namespace

Executing the command ip netns displays the created network namespace

If the display is blank, please do link, and the command is as follows:

[root@k8s-master2 ~] # ln-s / var/run/docker/netns/ / var/run/netns [root@k8s-master1 ~] # ip netnsdefault [root@k8s-master1 ~] # [root@k8s-master2 ~] # ip netnsnetns290d0c6ad2ab (id: 3) 49bfcc08baa8 (id: 2) aeb6eaef384f (id: 1) 8d103e06202b (id: 0) default [root@k8s-master2 ~] # [root@k8s-master3 ~] # ip netns789ea14c2216 (id: 4) a4dbfec964e5 (id: 3) 4bdb1409b6e3 (id: 2) Daea28f1e8b2 (id: 1) 0566deb27814 (id: 0) default [root@k8s-master3 ~] #

You can see that each node displays different content, and there is only one default by default.

1.3

Why does each node display differently?

Take master3 as an example, see below

[root@k8s-master3 ~] # ip a | grep veth8: veth3a37cd9@if7: mtu 1450 qdisc noqueue master docker0 state UP10: veth37e9e7e@if9: mtu 1450 qdisc noqueue master docker0 state UP12: veth4ed5bcb@if11: mtu 1450 qdisc noqueue master docker0 state UP14: vethc4d2905@if13: mtu 1450 qdisc noqueue master docker0 state UP16: vethd67ea28@if15: mtu 1450 qdisc noqueue master docker0 state UP [root@k8s-master3 ~] # [root@k8s-master3 ~] # ip netns789ea14c2216 (id: 4) a4dbfec964e5 (id: 3) 4bdb1409b6e3 (id: 2) Daea28f1e8b2 (id: 1) 0566deb27814 (id: 0) default [root@k8s-master3 ~] #

Note that a netns corresponds to a virtual network card. How does it correspond?

For an example, see:

[root@k8s-master3 ~] # ip netns exec 0566deb27814 ip A1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00 scope host valid_lft forever preferred_lft forever7: eth0@if8: mtu 1450 qdisc noqueue state UP link/ether 02:42:ac : 1e:5b:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.30.91.2/24 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe1e:5b02/64 scope link valid_lft forever preferred_lft forever

Please look at this one:

Eth0@if8: mtu 1450 qdisc noqueue state UP

The corresponding is:

8: veth3a37cd9@if7: mtu 1450 qdisc noqueue master docker0 state UP

This is a veth pair pair.

Available command

[root@k8s-master3] # ethtool-I veth3a37cd9driver: vethversion: 1.0firmware-version:expansion-rom-version:bus-info:supports-statistics: yessupports-test: nosupports-eeprom-access: nosupports-register-dump: nosupports-priv-flags: no [root@k8s-master3 ~] # ethtool-S veth3a37cd9NIC statistics: peer_ifindex: 7 [root@k8s-master3 ~] #

Going back to the starting question, why does each node display differently?

How did network namespace come from?

First hit the command to do the display comparison.

Pod

[root@k8s-master3] # kubectl get pod-n kube-system-o wideNAME READY STATUS RESTARTS AGE IP NODEcoredns-779ffd89bd-5znxf 1 Running 2 18h 172.30.91.3 k8s-master3kubernetes-dashboard-65c76f6c97-4kg2r 1 Running 3 18h 172.30.91.5 k8s-master3tiller-deploy-58d57fd669-w8wsz 1 k8s-master3traefik-ingress-controller-77b549b5d9-dj65f 1 Running 3 18h 172.30.91.2 k8s Muhammad master3traefikMuyingressMab 77b549b5d9-4xd58 1ax 1 Running 4 4d 192.168.32.130 Charley 1 Running 10 34d 192.168.32.129 k8s-master2traefik-ingress-controller-77b549b5d9-hpt4z 1 Running 11 34d 192.168.32.128 k8s-master1 [root@k8s-master3 ~] #

Ip of pod

[root@k8s-master3] # kubectl exec-it tiller-deploy-58d57fd669-w8wsz / bin/sh-n kube-system~ $ip A1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 0000 scope host valid_lft forever preferred_lft forever7: eth0@if8 : mtu 1450 qdisc noqueue state UP link/ether 02:42:ac:1e:5b:02 brd ff:ff:ff:ff:ff:ff inet 172.30.91.2/24 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe1e:5b02/64 scope link valid_lft forever preferred_lft forever

Eth0@if8, take a look at the ip of this network namespace.

A pod corresponds to a network interface used by network namespace,pod, which is the network port of network namespace.

1.4

Bridge

To execute the command, see:

[root@k8s-master3 ~] # brctl showbridge name bridge id STP enabled interfacesdocker0 8000.0242c5980278 no veth37e9e7e veth3a37cd9 veth4ed5bcb Vethc4d2905 vethd67ea28 [root@k8s-master3 ~] # ip a | grep veth8: veth3a37cd9@if7: mtu 1450 qdisc noqueue master docker0 state UP10: veth37e9e7e@if9: mtu 1450 qdisc noqueue master docker0 state UP12: veth4ed5bcb@if11: mtu 1450 qdisc noqueue master docker0 state UP14: vethc4d2905@if13: mtu 1450 qdisc noqueue master docker0 state UP16: vethd67ea28@if15: mtu 1450 qdisc noqueue master docker0 state UP

Conclusion:

Each of these virtual network cards corresponds to one end of the eth pair (the other end is in namaspace, that is, in pod, see the above analysis), and these virtual network cards are bridged to the bridge docker.

1.5

Logical Topology Diagram of Bridge docker and pod

The topology is as follows:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.