Kubernetes Networking

Expectations:

Practical:

We have created a deployment named test (--image=nginx) with 3 pods.

Containers running on the same node can reach each other, as we can see.

  1. Now let's try to hit a pod running on worker1 from a pod on worker 2.
  2. Connect the pod to the outside of the cluster: if your base system has internet access, the pod can reach the external world.

But why is this happening?

1) Kubernetes cluster networking is built on the SDN (software-defined networking) concept, plugged in through CNI, which provides L3 networking in k8s.

2) CNI plugins are what provide networking to the Kubernetes cluster.

Think of it like this: suppose you have a worker node with pods running inside it. Is there any way I can run a cable from my hardware switch and attach it to a pod?

No, because a hardware switch cannot be attached to a virtual pod. We need a virtual cable that provides all the functionality of an L3 switch in software, and that is what we call SDN technology.

So K8s does overlay networking. Each node has a virtual switch (L3), and through it every container gets a virtual NIC and an IP address.

Each virtual switch knows its neighbouring switches and exchanges routing tables with them.

This K8s cluster uses the Calico SDN.

Alternatives are:

  • Flannel
  • Weave
  • Calico (recommended and in use now)

So everything we discussed about pods, that each pod should have a unique IP address and be able to communicate, is done by Calico, which is the SDN/CNI for pod networking.

About the Calico installation

In the default installation, Calico creates a calico pod on each node.

By default, Calico is configured with the 192.168.0.0/16 subnet pool.

192.168.0.0/16 is our whole cluster overlay network, but if you check this yml

Calico.yml

To see where each subnet has gone, you can either use kubectl or configure calicoctl.

To install the calicoctl command, download the executable with the command:

curl -L -o calicoctl "https://github.com/projectcalico/calicoctl/releases/download/v3.19.1/calicoctl"

After the executable downloads to your system, move it into a directory in your path, such as /usr/local/bin/, with the command:

sudo mv calicoctl /usr/local/bin/

Next, give the file executable permissions with the command:

sudo chmod +x /usr/local/bin/calicoctl

Verify the installation by running the command:

calicoctl -h

You should see a listing of how the command is used.

Here we set up the separate calicoctl binary, which we use to manage the Calico network.

calicoctl must be able to communicate with the API server datastore, so there is a file, calicoctl.cfg, that we need to configure; only then will we be able to see which subnet went where.

Calico has its own command line because it is a third-party technology.

Where do these subnets come from?

To see how many IPs have been used:

Calico also provides the network routing service, because containers on different networks can talk to each other. How is that possible?

Protocol: BGP (because every node shares its routing table)

  • Calico uses the BGP protocol for routing by default.

IP-in-IP

Tunnel

IP-in-IP mode is not supported in cloud.

How to change Calico's IP-in-IP mode:

So far we have covered the three points below and discussed them in detail.

But the 3rd point also says a pod should be able to go outside the cluster network.

That means within the cluster, pods communicate directly, pod to pod.

And outside of the cluster.

IP-in-IP and VXLAN == overlay networking

To go outside of the cluster == NAT

So far this was the default networking. Now we will define a custom network.

######################################################

So even if we create a new pod, all pods will get an IP from the older network's range. That means the new network is deactivated. The older pods' IPs will keep working.

But one network can be activated at a time.

How do we activate or deactivate a network, then?

It doesn't mean the old pods are of no use; we can still ping them:

To delete the new ippool:

######################################################

During the Kubernetes installation, if you wanted to give:

But suppose you forget: then in calico.yml

Can change to

We can deactivate the default network and use the new Calico network.

In single cluster, we can configur

calicoctl get ippool -o yaml > pool.yaml
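
An added example (not from the original post): what an edited pool.yaml could look like when the default pool is deactivated and a new pool takes over. The new pool's name and the 10.10.0.0/16 range are assumptions; the field names are those of Calico's projectcalico.org/v3 IPPool resource.

```yaml
# Constructed example: two Calico IPPool resources in one file.
# Load with: calicoctl apply -f pool.yaml
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: default-ipv4-ippool    # name Calico gives the pool it creates at install
spec:
  cidr: 192.168.0.0/16         # default pool discussed on this page
  blockSize: 26                # nodes are handed /26 blocks carved from the pool
  ipipMode: Always             # IP-in-IP encapsulation for pod traffic between nodes
  vxlanMode: Never             # ipipMode and vxlanMode cannot both be enabled on one pool
  natOutgoing: true            # masquerade pod traffic to destinations outside all Calico pools
  disabled: true               # no new IPs are assigned from here; existing pods keep theirs
---
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: custom-ipv4-ippool     # hypothetical name
spec:
  cidr: 10.10.0.0/16           # assumed range; must not overlap node or Service CIDRs
  blockSize: 26
  ipipMode: CrossSubnet        # encapsulate only when the two nodes sit in different subnets
  vxlanMode: Never
  natOutgoing: true            # external systems see the node IP, not the pod IP
  disabled: false              # new pods are allocated from this pool
```

Because natOutgoing rewrites the source address, firewall rules and logs outside the cluster will show node IPs for pod egress; rules that reference the pod range need updating when the active pool changes.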
