Container Networking in Kubernetes
Kubernetes networking model. CNI plugins, Service types, Ingress controllers and DNS.
K8s Network Model
Every pod has its own IP address. Basic rules:
- Every pod can communicate with every other pod (without NAT)
- Nodes can communicate with pods (without NAT)
- The IP a pod sees for itself = the IP visible to others
CNI Plugins
- Calico — BGP routing, network policies, widely used
- Cilium — eBPF-based, high performance, advanced network policies
- Flannel — simple overlay, suitable for beginners
- Weave — mesh network, encrypted
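```bash
# Cilium installation
# Register the Cilium chart repository so cilium/cilium resolves
helm repo add cilium https://helm.cilium.io/
helm install cilium cilium/cilium \
  --namespace kube-system \
  --set hubble.enabled=true \
  --set hubble.relay.enabled=true \
  --set hubble.ui.enabled=true
```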
Service Types
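```yaml
# ClusterIP — internal (default)
apiVersion: v1
kind: Service
metadata:
  name: api-server      # the Service the Ingress backend refers to
spec:
  type: ClusterIP
  selector:
    app: api
  ports:
    - port: 80
      targetPort: 8080
---
# NodePort — access via port on the node
apiVersion: v1
kind: Service
metadata:
  name: api-nodeport    # placeholder name
spec:
  type: NodePort
  selector:
    app: api
  ports:
    - port: 80          # targetPort defaults to port when omitted
      nodePort: 30080
---
# LoadBalancer — cloud LB
apiVersion: v1
kind: Service
metadata:
  name: api-lb          # placeholder name
spec:
  type: LoadBalancer
  selector:
    app: api
  ports:
    - port: 443
```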
Ingress
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx
  tls:
    - hosts: [api.example.com]
      secretName: api-tls
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api-server
                port:
                  number: 80
```
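Because the flat network model lets every pod reach every other pod, the `app: api` pods behind this Ingress are reachable from any pod in the cluster unless a NetworkPolicy restricts them. The following is an added example, not part of the original page: a default-deny policy plus a rule that admits only the ingress controller. The policy names and the `ingress-nginx` namespace are assumptions.

```yaml
# Added example. Assumes the API pods carry the label app=api and listen on
# 8080 (as in the ClusterIP Service), and that the NGINX ingress controller
# runs in a namespace named ingress-nginx (assumption; adjust to your install).
# Apply both objects in the namespace where the API pods run.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress        # example name
spec:
  podSelector: {}                   # selects every pod in the namespace
  policyTypes:
    - Ingress                       # no ingress rules listed: all inbound traffic is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-nginx-to-api  # example name
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # label Kubernetes sets automatically on every namespace
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8080                # the pod's port (targetPort), not the Service port 80
```

The API server accepts these objects with any CNI plugin, but they only take effect when the plugin enforces NetworkPolicy, which Calico and Cilium do.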
Summary
K8s networking is a flat model with pod-to-pod communication. Choose the CNI plugin based on your needs: Cilium for eBPF performance, Calico for network policies.