
Sina Tavakkol

40 Days Of Kubernetes (32/40)

Day 32/40

Kubernetes Networking Explained | Container Network Interface (CNI) With @kubesimplify

Video Link
@piyushsachdeva
Git Repository
My Git Repo

In this section, we explain how networking works in Kubernetes.

The Kubernetes network model specifies:

  • Every pod gets its own IP address
  • Containers within a pod share the pod IP address and can communicate freely with each other
  • Pods can communicate with all other pods in the cluster using pod IP addresses (without NAT)
  • Isolation (restricting what each pod can communicate with) is defined using network policies

In practice, the cluster network is usually provided by third-party network implementations that plug into Kubernetes through the CNI (Container Network Interface) API.

There are lots of different kinds of CNI plugins, but the two main ones are:

  • Network plugins, which are responsible for connecting pods to the network
  • IPAM (IP Address Management) plugins, which are responsible for allocating pod IP addresses (source)

Container Network Interface (CNI) is an open standard for configuring network interfaces in Linux containers. Kubernetes uses CNI plugins to manage network connectivity for pods. Here are some popular CNI plugins commonly used in Kubernetes:

  • Flannel
  • Calico
  • Weave Net
  • Cilium
  • OVN-Kubernetes
  • Multus (source)

Network kinds:

  • Inter-node
  • Inter-pod

```
root@sinaops:~# k3s kubectl get node
NAME      STATUS   ROLES                  AGE   VERSION
sinaops   Ready    control-plane,master   18m   v1.30.3+k3s1
root@sinaops:~# cat << EOF | k3s kubectl apply -f -
> apiVersion: v1
kind: Pod
metadata:
  name: shared-namespace
spec:
  containers:
    - name: p1
      image: busybox
      command: ['/bin/sh', '-c', 'sleep 10000']
    - name: p2
      image: nginx
> EOF
pod/shared-namespace created
```

List the network namespaces (ns) on the node:

```
root@sinaops:~# ip netns list
cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b (id: 12)
cni-04391c49-b5ee-6ee7-448a-823223533bf0 (id: 11)
cni-3386ac0b-77c3-d56e-944e-bae4b093afa3 (id: 16)
cni-52ef2fc1-9ee9-9c79-a188-11312df766b0 (id: 15)
cni-8f1d6b47-6e90-d771-d30e-4cafc83f68cc (id: 14)
cni-993c14ba-79e4-c943-f067-f480e1562bde (id: 4)
cni-afb0acf9-a2b5-b80e-b6fb-d8769861e8f9 (id: 13)
root@sinaops:~# ls -lt /var/run/netns/
total 0
-r--r--r-- 1 root root 0 Aug 13 18:30 cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
-r--r--r-- 1 root root 0 Aug 13 18:13 cni-04391c49-b5ee-6ee7-448a-823223533bf0
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-3386ac0b-77c3-d56e-944e-bae4b093afa3
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-52ef2fc1-9ee9-9c79-a188-11312df766b0
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-8f1d6b47-6e90-d771-d30e-4cafc83f68cc
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-993c14ba-79e4-c943-f067-f480e1562bde
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-afb0acf9-a2b5-b80e-b6fb-d8769861e8f9
```

```
root@sinaops:~# lsns | grep nginx
4026533557 mnt         5 2112020 root  nginx: master process nginx -g daemon off;
4026533558 pid         5 2112020 root  nginx: master process nginx -g daemon off;
4026533559 cgroup      5 2112020 root  nginx: master process nginx -g daemon off;
root@sinaops:~# lsns -p 2112020
        NS TYPE   NPROCS     PID USER  COMMAND
4026531834 time      236       1 root  /lib/systemd/systemd --system --deserialize 56
4026531837 user      236       1 root  /lib/systemd/systemd --system --deserialize 56
4026533190 net         7 2111902 65535 /pause
4026533551 uts         7 2111902 65535 /pause
4026533552 ipc         7 2111902 65535 /pause
4026533557 mnt         5 2112020 root  nginx: master process nginx -g daemon off;
4026533558 pid         5 2112020 root  nginx: master process nginx -g daemon off;
4026533559 cgroup      5 2112020 root  nginx: master process nginx -g daemon off;
```

```
root@sinaops:~# ip netns exec cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if1192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
    link/ether 3e:9b:21:45:1f:50 brd ff:ff:ff:ff:ff:ff link-netnsid 0
```

```
root@sinaops:~# ip link
...
1192: vethbb792801@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default
    link/ether 2a:de:ce:a7:9e:32 brd ff:ff:ff:ff:ff:ff link-netns cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
root@sinaops:~# ip addr
...
1192: vethbb792801@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 2a:de:ce:a7:9e:32 brd ff:ff:ff:ff:ff:ff link-netns cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
    inet6 fe80::28de:ceff:fea7:9e32/64 scope link
       valid_lft forever preferred_lft forever
```

```
root@sinaops:~# ethtool -S vethbb792801
NIC statistics:
     peer_ifindex: 2
     rx_queue_0_xdp_packets: 0
     rx_queue_0_xdp_bytes: 0
     rx_queue_0_drops: 0
     rx_queue_0_xdp_redirect: 0
     rx_queue_0_xdp_drops: 0
     rx_queue_0_xdp_tx: 0
     rx_queue_0_xdp_tx_errors: 0
     tx_queue_0_xdp_xmit: 0
     tx_queue_0_xdp_xmit_errors: 0
```
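The cross-check done by eye above (pod-side eth0@if1192 against host interface 1192, vethbb792801@if2, with its link-netns) can be scripted. That is useful when you need to pick the right host interface for a packet capture or attribute traffic on a node to one pod. This is an added example, not part of the original post; the function names and the cni0 and vethexample0 sample records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of host-side `ip link` text. The vethbb792801 record is the
# one shown above; the cni0 and vethexample0 records are made up for the example.
HOST_LINKS='5: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
1192: vethbb792801@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default
    link/ether 2a:de:ce:a7:9e:32 brd ff:ff:ff:ff:ff:ff link-netns cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
1193: vethexample0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default
    link/ether 00:00:5e:00:53:02 brd ff:ff:ff:ff:ff:ff link-netns cni-example-0000'
# Pod-side eth0 record as seen from inside the namespace (from the output above).
POD_LINKS='2: eth0@if1192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
    link/ether 3e:9b:21:45:1f:50 brd ff:ff:ff:ff:ff:ff link-netnsid 0'

# Read `ip link` text on stdin; print "name ifindex peer_ifindex netns" per
# interface, with "-" where a field is absent.
parse_links() {
  awk '
    function emit() { if (name != "") print name, idx, peer, netns }
    /^[0-9]+: / {
      emit()
      idx = $1; sub(/:$/, "", idx)
      name = $2; sub(/:$/, "", name)
      peer = "-"; netns = "-"
      if (split(name, p, "@if") == 2) { name = p[1]; peer = p[2] }
      next
    }
    { for (i = 1; i < NF; i++) if ($i == "link-netns") netns = $(i + 1) }
    END { emit() }'
}

# Host veth attached to the namespace named in $1: the interface to capture on.
veth_for_netns() {
  parse_links | awk -v ns="$1" '$4 == ns { print $1 }'
}

# True when two parsed records name each other as peers. ifindex values are
# per-namespace (two pods can both have eth0 at index 2), so both directions are checked.
is_veth_pair() {
  set -- $1 $2   # host record becomes $1..$4, pod record $5..$8
  [ "$2" = "$7" ] && [ "$3" = "$6" ]
}

pod=$(printf '%s\n' "$POD_LINKS" | parse_links)
printf '%s\n' "$HOST_LINKS" | parse_links | while read -r rec; do
  if is_veth_pair "$rec" "$pod"; then echo "pod eth0 <-> host ${rec%% *} (${rec##* })"; fi
done
```

On a live node, pipe real output in instead of the sample, for example `ip link | veth_for_netns <netns-name>`. If the peer namespace has no name under /var/run/netns, `ip link` prints `link-netnsid N` rather than `link-netns NAME` and the netns column stays "-".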
