Kubernetes networking model is that every pod should get its own IP address and that every pod in the cluster should be able to talk to it using this IP address. There are several network providers (flannel, calico, canal, etc.) that implement this networking model.

As I started working on Kubernetes, it wasn't completely clear to me how every pod is assigned an IP address. I understood how various components worked independently, however, it wasn't clear how these components fit together. For instance, I understood what CNI plugins were, however, I didn't know how they were invoked. So, I wanted to write this post to share what I have learned about various networking components and how they are stitched together in a kubernetes cluster for every pod to receive an IP address.

There are various ways of setting up networking in kubernetes and various options for a container runtime. For this post, I will use containerd as the container runtime. Also, I am going to assume that you know how container networking works and only share a very brief overview below for context.

Some Background Concepts

Container Networking: A Very Brief Overview

There are some really good posts explaining how container networking works. For context, I will go over a very high level overview here with a single approach that involves linux bridge networking and packet encapsulation. I am skipping details here as container networking deserves a blog post of itself. Some of the posts that I have found to be very educational in this space are

One of the ways containers running on the same host can talk to each other via their IP addresses is through a linux bridge. A veth (virtual ethernet) device pair is created to achieve this. One end of the veth pair is inserted into the container network namespace and the other end is connected to a linux bridge on the host. All containers on the same host have one end of their veth pair connected to the linux bridge and they can talk to each other using their IP addresses via the bridge. The linux bridge is also assigned an IP address and it acts as the default gateway for egress traffic from pods destined to other nodes.

One of the ways containers running on different hosts can talk to each other via their IP addresses is by using packet encapsulation, for example vxlan, which wraps the original layer 2 frame inside a UDP packet addressed to the destination host. In a kubernetes cluster, flannel creates a vxlan device and some route table entries on each of the nodes. Every packet that's destined for a container on a different host goes through the vxlan device and is encapsulated in a UDP packet. On the destination, the encapsulated packet is retrieved and the original packet is routed through to the destined pod. Note that encapsulation is not encryption: the pod-to-pod packet travels in the clear on the node network.

NOTE: This is just one of the ways how networking between containers can be configured.
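To make the encapsulation concrete, here is an added example (my own code for this post, not code from flannel or the Linux kernel) that builds the packet a vxlan device emits for a pod-to-pod packet and then decodes it again, walking outer IPv4, UDP, the VXLAN header and the inner Ethernet/IPv4 frame. The node IPs 192.168.1.10 and 192.168.1.11, the pod IPs in 10.244.0.0/16, the MAC addresses and the payload are constructed sample values; VNI 1 and UDP port 8472 are the defaults flannel uses on Linux.

```python
"""Build and decode a VXLAN-encapsulated pod-to-pod packet.

Added example for this post; not code from flannel or the Linux kernel.
Node IPs, pod IPs, MAC addresses and the payload are constructed sample values.
"""
import ipaddress
import struct

VXLAN_UDP_PORT = 8472   # Linux kernel default, used by flannel (IANA assigned 4789)
VXLAN_FLAG_I = 0x08     # "VNI valid" bit in the VXLAN flags byte (RFC 7348)
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; the checksum is left at zero to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def pod_frame(src_mac, dst_mac, src_pod, dst_pod, l4_payload):
    """The frame as it reaches the vxlan device: an inner IPv4 packet inside an Ethernet frame."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ipv4_header(src_pod, dst_pod, IPPROTO_UDP, len(l4_payload)) + l4_payload


def vxlan_encapsulate(src_node, dst_node, vni, frame):
    """What the vxlan device does on the sending node: VXLAN header, then UDP, then outer IPv4."""
    vxlan_hdr = struct.pack("!I", VXLAN_FLAG_I << 24) + struct.pack("!I", vni << 8)
    payload = vxlan_hdr + frame
    udp = struct.pack("!HHHH", VXLAN_UDP_PORT, VXLAN_UDP_PORT, 8 + len(payload), 0)
    return ipv4_header(src_node, dst_node, IPPROTO_UDP, len(udp) + len(payload)) + udp + payload


def vxlan_decapsulate(packet):
    """Walk outer IPv4 -> UDP -> VXLAN -> inner Ethernet -> inner IPv4 and report both layers."""
    if packet[0] >> 4 != 4 or packet[9] != IPPROTO_UDP:
        raise ValueError("outer packet is not IPv4/UDP")
    ihl = (packet[0] & 0x0F) * 4
    outer_src = str(ipaddress.IPv4Address(packet[12:16]))
    outer_dst = str(ipaddress.IPv4Address(packet[16:20]))
    _sport, dport, _ulen, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError(f"UDP port {dport} is not the VXLAN port")
    vx = packet[ihl + 8:ihl + 16]
    if not vx[0] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI not valid, refusing to decode")
    vni = int.from_bytes(vx[4:7], "big")
    frame = packet[ihl + 16:]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("inner frame is not IPv4")
    inner = frame[14:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "outer_src": outer_src, "outer_dst": outer_dst, "vni": vni,
        "dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12]),
        "pod_src": str(ipaddress.IPv4Address(inner[12:16])),
        "pod_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "payload": inner[inner_ihl:],
    }


if __name__ == "__main__":
    # Constructed sample: a pod on node 192.168.1.10 sends to a pod on node 192.168.1.11
    # over VNI 1. In flannel's setup the inner MACs belong to the two nodes' vxlan devices.
    frame = pod_frame("0a:58:0a:f4:01:05", "8e:0b:0c:0d:0e:0f", "10.244.1.5", "10.244.2.7", b"ping")
    wire = vxlan_encapsulate("192.168.1.10", "192.168.1.11", 1, frame)
    print(vxlan_decapsulate(wire))
```

Decoding a capture this way is how you confirm what the overlay actually carries: the inner frame, pod source and destination included, is readable to anything that can see the node network, and anything that can send UDP to port 8472 can inject frames for a VNI. The decoder refuses a packet whose I flag is clear or whose port is wrong, which is the minimum sanity check before trusting fields taken from the wire; if the exposure itself matters, flannel's wireguard backend encrypts the node-to-node hop.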
What Is CRI?

CRI (Container Runtime Interface) is a plugin interface that allows kubelet to use different container runtimes. Various container runtimes implement the CRI API and this allows users to use the container runtime of their choice in their kubernetes installation.

What Is CNI?

CNI (Container Network Interface) is a project that includes a spec to provide a generic plugin-based networking solution for linux containers, along with plugins which perform different functions in configuring the pod network. A CNI plugin is an executable that follows the CNI spec and we'll discuss some plugins in the post below.

Assigning Subnets To Nodes For Pod IP Addresses

If all pods are required to have an IP address, it's important to ensure that all pods across the entire cluster have a unique IP address. This is achieved by assigning each node a unique subnet from which pods are assigned IP addresses on that node.

When nodeipam is passed as an option to the kube-controller-manager's --controllers command line flag (and --allocate-node-cidrs is set), it allocates each node a dedicated subnet (podCIDR) from the cluster CIDR (the IP range for the cluster network, given by --cluster-cidr). The size of each podCIDR is controlled by --node-cidr-mask-size, which defaults to a /24 for IPv4. Since these podCIDRs are disjoint subnets, it allows assigning each pod a unique IP address.

A kubernetes node is assigned a podCIDR when the node first registers with the cluster. To change the podCIDR allocated to nodes in a cluster, nodes need to be de-registered and then re-registered with any configuration changes first applied to the kubernetes control plane. The podCIDR for every node can be listed using the following command (kubectl returns a List object, so the nodes are under .items):

$ kubectl get no -o json | jq '.items[].spec.podCIDR'
Kubelet, Container Runtime and CNI Plugins - how it's all stitched together

When a pod is scheduled on a node, a lot of things happen to start up a pod. In this section, I'll only focus on the interactions that relate to configuring network for the pod.