** Kubernetes Certification Training: https://www.edureka.co/kubernetes-cer... **
This Edureka tutorial on "Kubernetes Networking" gives an introduction to the popular DevOps tool Kubernetes and then deep dives into Kubernetes networking concepts. The following topics are covered in this training session:

1. What is Kubernetes?
2. Kubernetes Cluster
3. Pods, Services & Ingress Networks
4. Case Study of Wealth Wizards
5. Hands-On

DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Topics For Today's Session
❖ What is Kubernetes?
❖ Kubernetes Cluster
❖ Kubernetes Networking
❖ Network Plugins
❖ Case Study: Wealth Wizards
❖ Hands-On
Kubernetes Certification Training www.edureka.co/kubernetes-certification
What is Kubernetes & Who Uses it?
• Open source and portable platform
• Automates deployment of workloads
• Groups containers for easy management
• A container orchestration tool
Kubernetes Cluster
A cluster is the foundation of Kubernetes Engine. It has various components such as worker nodes, APIs, Kubelet processes, deployment files, etc.
Problems to Solve!!
• Container-to-Container communication
• Pod-to-Pod communication
• Pod-to-Service communication
• External-to-Service communication
Requirements of the Kubernetes Model
The Kubernetes model has a few fundamental requirements for any networking implementation:
• All containers can communicate with all other containers without NAT
• All nodes can communicate with all containers (and vice versa) without NAT
• The IP that a container sees itself as is the same IP that others see it as
Kubernetes Networking
Kubernetes is a powerful platform with many design choices. To understand networking in a Kubernetes cluster, you need to understand the communication between pods, services and the external world.
01 Containers and Pods
02 Services
03 Ingress Network
Containers & Pods Copyright © 2018, edureka and/or its affiliates. All rights reserved.
What are Pods?
A pod consists of one or more containers that are co-located on the same host and are configured to share a network stack and other resources.
[Diagram: host eth0 10.100.0.2; docker0 bridge 172.17.0.1; Container 1 on veth0 172.17.0.2; Container 2 on veth1 172.17.0.3]
Pods: Virtual Network Interface
Docker can start a container and, rather than creating a new virtual network interface for it, specify that it shares an existing interface.
[Diagram: host eth0 10.100.0.2; docker0 bridge 172.17.0.1; Container 1 and Container 2 both on the shared veth0 172.17.0.2]
Pods: Pause
The pause container suspends the current process until a signal is received. So, these containers do nothing at all except sleep until Kubernetes sends them a signal.
[Diagram: host eth0 10.100.0.2; docker0 bridge 172.17.0.1; the Pause container holds veth0 172.17.0.2, which Container 1 and Container 2 share]
Pod Network: Components
[Diagram: each pod network namespace (Pod1 Network, Pod2 Network, ...) has its own eth0, attached through a veth pair (veth0, veth1, ...) to the Linux network bridge cbr0 in the root network namespace, which also holds the node's eth0]
Pod Network: Intra-Node Communication
1. The packet leaves the Pod1 network and enters the root network at veth0
2. Discovers the destination using an ARP request
3. Now the bridge knows where to forward the packet
4. The packet reaches veth1 and enters the Pod2 network
[Diagram: Pod1 Network eth0 and Pod2 Network eth0 joined via veth0 and veth1 to cbr0 in the Root Network, next to the node's eth0]
Pod Network: Inter-Node Communication
1. The packet leaves the Pod1 network and enters the root network
2. Makes the ARP request to find the destination
3. The bridge takes the packet
4. Comes out of cbr0 to the main network interface
5. Leaves the machine (node1)
6. The packet is routed to the destination node
7. The packet is forwarded to cbr0
8. The packet crosses the pipe pair and reaches Pod4
Services
Clients Connecting to Proxy
The client connects to a proxy, which:
• Must be durable and resistant to failure.
• Must have a list of servers it can forward to.
• Must have some way of knowing if a particular application server is healthy and able to respond to requests.
[Diagram: client connects to the proxy at 192.168.10.0, which forwards to Pod 1 (192.168.10.1), Pod 2 (192.168.10.2) and Pod 3 (192.168.10.3)]
What is a Service?
A service is a type of Kubernetes resource that is configured to forward requests to a set of pods. Services have an IP address, and this IP address automatically routes to a healthy pod.
[Diagram: Node with Node IP 172.17.8.102; Service1 with IP 10.2.10.20, Port 9443, NodePort 32001, Protocol TCP, forwarding to Pod 1, Pod 2 and Pod 3 (label L1)]
Service Network
Service Types
Cluster IP
• Exposes the service on a cluster-internal IP.
• Makes the service only reachable from within the cluster.
• This is the default Service Type.
Node Port
• Exposes the service on each Node's IP at a static port.
• A Cluster IP service, to which the Node Port service will route, is automatically created.
Load Balancer
• Exposes the service externally using a cloud provider's load balancer.
• Services, to which the external load balancer will route, are automatically created.
External Name
• Maps the service to the contents of the External Name field by returning a CNAME record with its value.
• No proxying of any kind is set up.
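The four Service types as manifests, added here as an example and not taken from the slides. Names, selector labels and the external hostname are assumptions; port 9443 and NodePort 32001 are the values shown on the "What is a Service?" slide.

```yaml
# Added example: the four Service types side by side. Names, labels and
# payments.example.com are assumptions; 9443 / 32001 come from the slides.
apiVersion: v1
kind: Service
metadata:
  name: service1-clusterip
spec:                              # no "type" given, so ClusterIP (the default)
  selector: {app: service1}
  ports: [{protocol: TCP, port: 9443, targetPort: 9443}]
---
apiVersion: v1
kind: Service
metadata:
  name: service1-nodeport
spec:
  type: NodePort                   # a ClusterIP service is created underneath
  selector: {app: service1}
  ports:
  - protocol: TCP
    port: 9443
    targetPort: 9443
    nodePort: 32001                # static port opened on every node's IP, so
                                   # reachable from any network that reaches the nodes
---
apiVersion: v1
kind: Service
metadata:
  name: service1-lb
spec:
  type: LoadBalancer               # cloud provider LB in front; NodePort and
  selector: {app: service1}        # ClusterIP services are created underneath
  ports: [{protocol: TCP, port: 443, targetPort: 9443}]
---
apiVersion: v1
kind: Service
metadata:
  name: payments-external
spec:
  type: ExternalName               # no selector, no proxying: cluster DNS
  externalName: payments.example.com   # answers with a CNAME to this name
```

Only the ClusterIP variant keeps the service unreachable from outside the cluster; the other three widen exposure and should be deliberate choices.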
Ingress Network
What is Ingress Network?
A collection of rules that allow inbound connections to reach the cluster's services. It can be configured to give services externally reachable URLs, load balance traffic, or offer name-based virtual hosting.
Ingress Network Working
Network Plugins
Case Study
CHALLENGES
✓ The policies that the company used are application-oriented and can only evolve with the applications, but there was no component to enforce these policies.
SOLUTION
✓ Use a network plugin that creates a virtual network with a network policy controller to manage and enforce the rules in Kubernetes. Not only this, but it also connects Docker containers across multiple hosts and enables their automatic discovery.
RESULT
✓ Manages inter-pod routing and has access to manipulate the iptables rules. Implements the access restrictions defined by the network policies.
Demo Time!!
Hands-On
Deploy a multi-tier application over Kubernetes networking to show pod-to-pod communication with services.
Deployment File, Pod 1: Container Image 1
Deployment File, Pod 2: Container Image 1
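The hands-on scenario above, with the case study's network policy enforcement added to it, as an added example that is not the deck's own demo files: two pods, a ClusterIP Service that Pod 1 uses to reach Pod 2, and a NetworkPolicy that only the cluster's network plugin can enforce. Pod names, labels, ports and the image placeholder are assumptions.

```yaml
# Added example, not from the slides; names, labels, ports and the image placeholder are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: pod1-frontend
  labels: {app: frontend}
spec:
  containers:
  - name: web
    image: CONTAINER-IMAGE-1-PLACEHOLDER   # stands in for the slide's "Container Image 1"
---
apiVersion: v1
kind: Pod
metadata:
  name: pod2-backend
  labels: {app: backend}
spec:
  containers:
  - name: api
    image: CONTAINER-IMAGE-1-PLACEHOLDER
    ports: [{containerPort: 8080}]
---
# Pod 1 calls http://backend:80 (cluster DNS) instead of Pod 2's IP, which
# changes whenever the pod is rescheduled; the Service routes to a healthy pod.
apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  selector: {app: backend}
  ports: [{port: 80, targetPort: 8080}]
---
# Enforced by the network plugin's policy controller (the case study's point):
# only pods labelled app=frontend may open TCP/8080 to the backend pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-allow-frontend-only
spec:
  podSelector: {matchLabels: {app: backend}}
  policyTypes: [Ingress]
  ingress:
  - from: [{podSelector: {matchLabels: {app: frontend}}}]
    ports: [{protocol: TCP, port: 8080}]
```

After `kubectl apply -f`, a request to http://backend from pod1-frontend succeeds while the same request from a pod without the app=frontend label is dropped, but only if the cluster's network plugin implements NetworkPolicy; a plugin without a policy controller silently accepts the object and enforces nothing.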
[Diagram: Pod1 and Pod2 on Node1, Pod3 and Pod4 on Node2; each pod's eth0 is joined by a veth pair (veth0/veth1) to that node's cbr0 bridge, which connects through flannel0 to the node's eth0 and route table; Server Pod 1 is shown at 10.0.1.2]
Ingress
• It acts like an entry point to the Kubernetes cluster.
• Ingress is the most powerful way of exposing a service.
• It sits in front of multiple services and acts as a 'smart router'.
• Services and pods have IPs only routable within the cluster.
• Ingress is an API object that manages external access to the services in a cluster, usually HTTP.
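An Ingress that does the name-based virtual hosting and "smart routing" described above, added as an example rather than taken from the deck. The hostnames, Service names, the TLS Secret name and the ingress class `nginx` are assumptions; an Ingress controller must be running in the cluster for the object to have any effect.

```yaml
# Added example, not from the slides. Hostnames, Service names, Secret name and
# ingressClassName are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress
spec:
  ingressClassName: nginx          # which controller picks up this object
  tls:
  - hosts: [shop.example.com, api.example.com]
    secretName: shop-tls           # certificate and key live in a Secret, not here
  rules:
  - host: shop.example.com         # name-based virtual hosting: one external
    http:                          # address, routed by the Host header
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend         # ClusterIP Service; never exposed directly
            port:
              number: 80
  - host: api.example.com
    http:
      paths:
      - path: /v1                  # only this prefix of the API is published
        pathType: Prefix
        backend:
          service:
            name: backend
            port:
              number: 80
```

The backing Services stay ClusterIP, so the Ingress controller is the single externally reachable entry point and the place to apply TLS and access rules.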