Sina TavakkolDay 32/40
Kubernetes Networking Explained | Container Network Interface (CNI) With @kubesimplify
Video Link
@piyushsachdeva
Git Repository
My Git Repo
In this section, we explain how networking works in Kubernetes.
The Kubernetes network model specifies:
- Every
podgets its own IP address- Containers within a
podshare thepodIP address and can communicate freely with each other- Pods can communicate with all other pods in the
clusterusing pod IP addresses (withoutNAT)- Isolation (restricting what each
podcan communicate with) is defined using network policies
It is more common to use third-party network implementations that plug into
Kubernetesusing theCNI(Container Network Interface) API.There are lots of different kinds of CNI plugins, but the two main ones are:
- Network plugins, which are responsible for connecting pods to the network
IPAM(IP Address Management) plugins, which are responsible for allocating pod IP addresses sourceContainer Network Interface (CNI) is an open standard for configuring network interfaces in Linux containers. Kubernetes uses CNI plugins to manage network connectivity for pods. Here are some popular CNI plugins commonly used in Kubernetes:
- Flannel
- Calico
- Weave Net
- Cilium
- OVN-Kubernetes
- Multus source
Network kinds
inter node
inter pod
root@sinaops:~# k3s kubectl get node
NAME STATUS ROLES AGE VERSION
sinaops Ready control-plane,master 18m v1.30.3+k3s1
root@sinaops:~# cat << EOF | k3s kubectl apply -f -
> apiVersion: v1
kind: Pod
metadata:
name: shared-namespace
spec:
containers:
- name: p1
image: busybox
command: ['/bin/sh', '-c', 'sleep 10000']
- name: p2
image: nginx
> EOF
pod/shared-namespace created
List of ns
root@sinaops:~# ip netns list
cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b (id: 12)
cni-04391c49-b5ee-6ee7-448a-823223533bf0 (id: 11)
cni-3386ac0b-77c3-d56e-944e-bae4b093afa3 (id: 16)
cni-52ef2fc1-9ee9-9c79-a188-11312df766b0 (id: 15)
cni-8f1d6b47-6e90-d771-d30e-4cafc83f68cc (id: 14)
cni-993c14ba-79e4-c943-f067-f480e1562bde (id: 4)
cni-afb0acf9-a2b5-b80e-b6fb-d8769861e8f9 (id: 13)
root@sinaops:~# ls -lt /var/run/netns/
total 0
-r--r--r-- 1 root root 0 Aug 13 18:30 cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
-r--r--r-- 1 root root 0 Aug 13 18:13 cni-04391c49-b5ee-6ee7-448a-823223533bf0
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-3386ac0b-77c3-d56e-944e-bae4b093afa3
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-52ef2fc1-9ee9-9c79-a188-11312df766b0
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-8f1d6b47-6e90-d771-d30e-4cafc83f68cc
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-993c14ba-79e4-c943-f067-f480e1562bde
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-afb0acf9-a2b5-b80e-b6fb-d8769861e8f9
root@sinaops:~# lsns | grep nginx
4026533557 mnt 5 2112020 root nginx: master process nginx -g daemon off;
4026533558 pid 5 2112020 root nginx: master process nginx -g daemon off;
4026533559 cgroup 5 2112020 root nginx: master process nginx -g daemon off;
root@sinaops:~# lsns -p 2112020
NS TYPE NPROCS PID USER COMMAND
4026531834 time 236 1 root /lib/systemd/systemd --system --deserialize 56
4026531837 user 236 1 root /lib/systemd/systemd --system --deserialize 56
4026533190 net 7 2111902 65535 /pause
4026533551 uts 7 2111902 65535 /pause
4026533552 ipc 7 2111902 65535 /pause
4026533557 mnt 5 2112020 root nginx: master process nginx -g daemon off;
4026533558 pid 5 2112020 root nginx: master process nginx -g daemon off;
4026533559 cgroup 5 2112020 root nginx: master process nginx -g daemon off;
root@sinaops:~# ip netns exec cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if1192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
link/ether 3e:9b:21:45:1f:50 brd ff:ff:ff:ff:ff:ff link-netnsid 0
root@sinaops:~# ip link
...
1192: vethbb792801@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default
link/ether 2a:de:ce:a7:9e:32 brd ff:ff:ff:ff:ff:ff link-netns cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
root@sinaops:~# ip addr
...
1192: vethbb792801@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
link/ether 2a:de:ce:a7:9e:32 brd ff:ff:ff:ff:ff:ff link-netns cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
inet6 fe80::28de:ceff:fea7:9e32/64 scope link
valid_lft forever preferred_lft forever
root@sinaops:~# ethtool -S vethbb792801
NIC statistics:
peer_ifindex: 2
rx_queue_0_xdp_packets: 0
rx_queue_0_xdp_bytes: 0
rx_queue_0_drops: 0
rx_queue_0_xdp_redirect: 0
rx_queue_0_xdp_drops: 0
rx_queue_0_xdp_tx: 0
rx_queue_0_xdp_tx_errors: 0
tx_queue_0_xdp_xmit: 0
tx_queue_0_xdp_xmit_errors: 0
