Shulou(Shulou.com)06/01 Report--

This article mainly introduces the example analysis of Kubernetes network, the article is very detailed, has a certain reference value, interested friends must read it!

Kubernetes network

Kubernetes is an open source container cluster management system for Google. Based on docker technology, it provides a whole set of functions such as resource scheduling, deployment and operation, service discovery, capacity expansion and reduction for containerized applications. In essence, it can be regarded as a mini-PaaS platform based on container technology.

So what are the most important concepts about k8s?

Pod communication

Pod internal: Port mutual access

On the same Node: communicate over the bridge

On different Node: communicate through Overlay network or route; version update or restart of Pod managed by RC results in IP change

Communication between Service and Pod

As a service proxy for Pod, Service must meet the following requirements:

External access points (IP addresses) are fixed and not easily updated

Forward external access requests to endpoints

Monitor endpoints changes and update rules in real time

Provide load balancing.

Each service has two modes, and you can choose the appropriate mode to work when configuring kubernetes according to the actual situation.

Userspace mode:

When choosing Userspace mode, there are three types:

Cluster-IP type:

Cluster-IP-range configurable

Cluster-IP does not need to be configured on the network card.

The message is transferred to the port automatically assigned by kube-proxy

Suitable for Pod and Host to access Service

Node-Port type:

Listen on the appropriate ports of all IP on Node

The message is transferred to the port automatically assigned by kube-proxy

Suitable for external hosts to access Service through Node physical network

LoadBalancer type:

The corresponding port snooping request of the external LB, forwarding traffic to the Node

Relay forwarding based on Node-Port configuration on each Node

Suitable for external network access to internal Service

Iptables mode:

No matter what type is assigned to Cluster-IP

The listening port of Cluster-IP can be specified

The use of Iptables, like openflow's flow table step-by-step filtering

You need to SNAT the traffic sent on the endpoint

The key point is how to do load balancing.

Service discovery

Service environment variable:

{SVCNAME} _ SERVICE_HOST

{SVCNAME} _ SERVICE_PORT

{SVCNAME} _ SERVICE_PORT_ {PORTNAME}

Link environment variable:

_ NAME

_ PORT__

_ PORT___ADDR

_ PORT___PORT

_ PORT___PROTO

Defect:

Pod cannot get environment variables across Namespace

Timing, Pod must be created later than Service

Cluster DNS

Kube2sky snooping on K8S Api-server

Service update, kube2sky saves records to etcd

Skydns supports etcd backend

Pod accesses the skyDNS resolution domain name.

Search default.svc.wise2c.com svc.wise2c.com wise2c.comnameserver 192.168.99.1optionsndots:5

Absolute domain name, that is, the domain name ends with `. Only the domain name is queried.

Relative to the domain name, and the number of `.` contained in the domain name is greater than or equal to the number specified by the option ndots command, only the domain name is queried.

Relative to the domain name, and the number of `.` contained in the domain name is less than the number specified by the option ndots command, append the suffix in the search list to the passed domain name in turn

The above is all the content of this article "sample Analysis of Kubernetes Network". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.