# Kubernetes Network Fundamentals
Kubernetes provides a powerful networking model that enables communication between pods, services, and the external world. In this section, we will explore the fundamental concepts of Kubernetes networking, including pod networking, network modes, IP address management, and network policies.
## Pod Networking
In Kubernetes, each pod is assigned a unique IP address, and pods can communicate with each other using this IP address, regardless of which node they are running on. This is achieved through the use of a Container Network Interface (CNI) plugin, which is responsible for setting up the network for the pods.
```yaml
# Example of a pod manifest; see the note on the ipAddress line below
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: nginx
  hostNetwork: false      # keep the pod in its own network namespace
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  # ipAddress: 10.244.0.5
  # NOTE: `ipAddress` is not a field of the core Pod spec and is rejected by
  # strict field validation. The pod IP is allocated by the CNI plugin's IPAM;
  # a fixed address can only be requested through a CNI-specific mechanism
  # (typically a plugin-specific annotation), not through the Pod spec itself.
```
## Network Modes
Kubernetes supports different network modes, including:
- Bridge mode: The default mode, where each pod is assigned a unique IP address and can communicate with other pods and services.
- Host mode: Where the pod shares the same network namespace as the host, allowing direct access to the host's network interfaces.
- NodePort mode: Where the pod's ports are exposed on the host's IP address, allowing external access to the pod.
```mermaid
graph LR
A[Pod] -- Bridge Mode --> B[Pod]
A -- Host Mode --> C[Host]
A -- NodePort Mode --> D[Node IP]
```
## IP Address Management
Kubernetes uses a built-in IP address management (IPAM) system to assign IP addresses to pods. This system ensures that each pod is assigned a unique IP address within the cluster's network range. The IPAM system can be configured to use different address allocation strategies, such as static or dynamic allocation.
| Allocation Strategy | Description |
|---|---|
| Static | IP addresses are pre-allocated and assigned to pods |
| Dynamic | IP addresses are dynamically allocated as pods are created |
## Network Policies
Kubernetes network policies allow you to control the traffic flow between pods. You can define rules to allow or deny traffic based on various criteria, such as pod labels, namespaces, or port numbers.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-http
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
  - from:
    - podSelector:
        matchLabels:
          env: prod
    ports:
    - port: 80
```
In this example, the network policy allows HTTP traffic from pods with the `env=prod` label to pods with the `app=web` label.
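The policy above only restricts pods it selects; any pod not selected by some policy stays fully open. The following added example (not code from the page) models the ingress semantics of NetworkPolicy for podSelector peers to show this: the page's `allow-http` policy on its own, and the same policy combined with a constructed default-deny policy (empty `podSelector`, no ingress rules). The pod names and labels are constructed sample data; `namespaceSelector` and `ipBlock` peers are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Pod:
    name: str
    labels: dict = field(default_factory=dict)

def selects(selector: dict, pod: Pod) -> bool:
    """matchLabels semantics: every key/value must match; {} selects all pods."""
    want = selector.get("matchLabels", {})
    return all(pod.labels.get(k) == v for k, v in want.items())

def rule_allows(rule: dict, src: Pod, port: int) -> bool:
    """One ingress rule allows a flow when a 'from' peer matches the source
    AND a 'ports' entry matches the port. An absent or empty list means any."""
    peers = rule.get("from", [])
    peer_ok = not peers or any(
        "podSelector" in p and selects(p["podSelector"], src) for p in peers)
    ports = rule.get("ports", [])
    port_ok = not ports or any(p.get("port") == port for p in ports)
    return peer_ok and port_ok

def ingress_allowed(policies: list, src: Pod, dst: Pod, port: int) -> bool:
    """Policies are additive: a pod selected by no policy is not isolated and
    accepts everything; otherwise some rule of some selecting policy must allow
    the flow. A selecting policy with no ingress rules therefore denies all."""
    applicable = [p for p in policies if selects(p["spec"]["podSelector"], dst)]
    if not applicable:
        return True
    return any(rule_allows(r, src, port)
               for p in applicable for r in p["spec"].get("ingress", []))

# The page's allow-http policy, as the parsed spec.
ALLOW_HTTP = {"spec": {
    "podSelector": {"matchLabels": {"app": "web"}},
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"env": "prod"}}}],
                 "ports": [{"port": 80}]}]}}
# Constructed default-deny policy: selects every pod, allows nothing.
DEFAULT_DENY = {"spec": {"podSelector": {}, "ingress": []}}

# Constructed sample pods.
WEB = Pod("web-0", {"app": "web"})
PROD = Pod("client-prod", {"env": "prod"})
DEV = Pod("client-dev", {"env": "dev"})

if __name__ == "__main__":
    for name, pols in (("allow-http only", [ALLOW_HTTP]),
                       ("with default-deny", [ALLOW_HTTP, DEFAULT_DENY])):
        print(name, "dev->prod:80 =", ingress_allowed(pols, DEV, PROD, 80))
```

Without the default-deny policy the `client-prod` pod is reachable from anything, because no policy selects it; adding default-deny is what makes `allow-http` the only path in.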