Cloud Native | K8S Networking

Kubernetes networking requirements

Before diving into the details on how packets flow inside a Kubernetes cluster, let's first clear up the requirements for a Kubernetes network.

The Kubernetes networking model defines a set of fundamental rules:

  • A pod in the cluster should be able to freely communicate with any other pod without the use of Network Address Translation (NAT).
  • Any program running on a cluster node should communicate with any pod on the same node without using NAT.
  • Each pod has its own IP address (IP-per-Pod), and every other pod can reach it at that same address.

CNI

CNM

cgroup

Kube-proxy

Understanding Kubernetes Kube-Proxy

https://supergiant.io/blog/understanding-kubernetes-kube-proxy/

The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking [B] - Gerard Hickey, Smartsheet

https://www.youtube.com/watch?v=H5Zl_kDOwBU

An illustrated guide to Kubernetes Networking [Part 1]

https://itnext.io/an-illustrated-guide-to-kubernetes-networking-part-1-d1ede3322727

Change the mechanism of transport packets to kube-proxy

https://github.com/kubernetes/kubernetes/issues/13500

How service and kube-proxy work

https://cizixs.com/2017/03/30/kubernetes-introduction-service-and-kube-proxy/

Kube-cni

vlan

Vxlan

IPvlan

Macvlan

Capturing packets in containers

TCPDUMP ON KUBERNETES POD USING CALICO AS CNI

https://akhileshthipparthi.wordpress.com/2018/05/16/tcpdump-on-kubernetes-pod-using-calico-as-cni/

1. Identify the worker node where the pod is running and note the pod IP. You can get those details with the command below:

kubectl describe po -n dev

2. Log in to that worker node, list the routes with ip route, and filter for the interface matching the pod IP.

root@k8s-node-0:~# ip route | grep 10.112.12.53
10.112.12.53 dev calixxxxxxxx scope link

3. Run tcpdump on the interface cali*******, which is the host side of the veth pair connecting the container back to the root (default) network namespace on the host.

4. tcpdump -i calixxxxxxxxx -w /opt/capture.pcap &
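
Steps 2 to 4 as one script, added here as an example and not part of the original post: it matches the pod IP against the route destination exactly, then runs a bounded capture. The helper names pod_iface and capture_pod, the sample routes and the 10000-packet limit are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# Constructed sample of `ip route` output on a Calico worker node.
SAMPLE_ROUTES='default via 10.0.0.1 dev eth0
10.112.12.5 dev cali1111aaaa scope link
10.112.12.53 dev cali2222bbbb scope link
blackhole 10.112.12.0/26 proto bird'

# pod_iface POD_IP
# Reads `ip route` output on stdin and prints the device of the route whose
# destination is exactly POD_IP. A plain `grep 10.112.12.5` would also match
# the 10.112.12.53 line, so compare the whole first field instead.
# Returns non-zero when no route matches.
pod_iface() {
  awk -v ip="$1" '
    $1 == ip {
      for (i = 2; i < NF; i++)
        if ($i == "dev") { print $(i + 1); found = 1; exit }
    }
    END { exit (found ? 0 : 1) }'
}

# capture_pod POD_IP OUT_FILE   (hypothetical helper; run as root on the node)
capture_pod() {
  cp_iface=$(ip route | pod_iface "$1") || {
    echo "no host route for pod IP $1 on this node" >&2
    return 1
  }
  # The pcap contains pod traffic, so create it owner-only (umask 077) and
  # bound the capture with -c so a forgotten tcpdump cannot fill the disk.
  ( umask 077 && tcpdump -i "$cp_iface" -c 10000 -w "$2" )
}

# Run a capture only when called with both arguments.
if [ "$#" -eq 2 ]; then
  capture_pod "$1" "$2"
fi
```
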

https://iximiuz.com/en/posts/container-learning-path/

https://learnk8s.io/kubernetes-network-packets