What route do service requests pass through Kubernetes?

2/4/2020

Let's say that a Service in a Kubernetes cluster is mapped to a group of cloned containers that will fulfill requests made for that service from the outside world.

What are the steps in the journey that a request from the outside world will make into the Kubernetes cluster, then through the cluster to the designated container, and then back through the Kubernetes cluster out to the original requestor in the outside world?

The documentation indicates that kube-controller-manager includes the Endpoints controller, which joins services to Pods. But I have not found specific documentation illustrating the steps in the journey that each request makes through a Kubernetes cluster.

This is important because it affects how one might design security for services, including the configuration of routing around the control plane.

-- CodeMed
kubernetes

1 Answer

2/4/2020

Assuming you are using mostly the defaults:

  1. Packet comes in to your cloud load balancer of choice.
  2. It gets forwarded to a random node in the cluster.
  3. It is received by the kernel and run through iptables.
  4. Iptables defines a mapping rule to forward the packet to a container IP.
  5. Unless it randomly happens to be on the same box, it then goes through your CNI network, usually some kind of overlay possibly with a wrapping and unwrapping.
  6. It eventually gets to the container IP, and then is delivered to whatever the process inside the container is.

The Services and Endpoints system is what creates and manages the iptables rules and the cloud load balancers so that the LB knows the right node IPs and the iptables rules know the right container IPs.

-- coderanger
Source: StackOverflow
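Steps 3 and 4 of the answer are visible on any node as the nat table that kube-proxy (in its default iptables mode) generates from the Service and Endpoints objects: `iptables-save -t nat` shows a KUBE-SERVICES chain matching ClusterIP:port, a KUBE-NODEPORTS chain matching the NodePort on the node's own addresses, one KUBE-SVC-* chain per Service that picks an endpoint with `-m statistic --mode random`, and one KUBE-SEP-* chain per Pod that DNATs to the Pod IP. The following is an added example, not code from the answer or from Kubernetes: it parses a constructed, shortened excerpt in that shape and traces which Pod IP a packet is DNATed to and with what probability. The Service name `default/web`, the chain suffixes, the Service, Pod and node IPs and the ports are all made up for the example.

```python
# Added illustration, not code from the answer or from Kubernetes.
import shlex
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# Constructed sample (nat table): Service default/web, ClusterIP 10.96.0.10:80,
# NodePort 30080, three endpoint Pods; chain suffixes, IPs and ports are made up.
SAMPLE_RULES = """
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.96.0.10/32 -p tcp -m comment --comment "default/web:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-WEBEXAMPLE
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/web:http" -m tcp --dport 30080 -j KUBE-SVC-WEBEXAMPLE
-A KUBE-SVC-WEBEXAMPLE -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-POD1
-A KUBE-SVC-WEBEXAMPLE -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-POD2
-A KUBE-SVC-WEBEXAMPLE -j KUBE-SEP-POD3
-A KUBE-SEP-POD1 -s 10.244.1.5/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-POD1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-POD2 -s 10.244.2.7/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-POD2 -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
-A KUBE-SEP-POD3 -s 10.244.3.2/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-POD3 -p tcp -m tcp -j DNAT --to-destination 10.244.3.2:8080
"""

@dataclass
class Rule:
    """One '-A' line, reduced to the match and target fields this trace needs."""
    chain: str
    jump: str = ""
    dst: Optional[str] = None
    src: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    dst_type: Optional[str] = None
    probability: Optional[float] = None
    to_destination: Optional[str] = None

Packet = namedtuple("Packet", "src dst proto dport")  # the packet being traced

SETTERS = {  # iptables option -> (Rule attribute, converter); CIDR suffix dropped
    "-d": ("dst", lambda v: v.split("/")[0]),
    "-s": ("src", lambda v: v.split("/")[0]),
    "-p": ("proto", str),
    "--dport": ("dport", int),
    "--dst-type": ("dst_type", str),
    "--probability": ("probability", float),
    "-j": ("jump", str),
    "--to-destination": ("to_destination", str),
}

def parse_rules(text: str) -> dict[str, list[Rule]]:
    """Group '-A <chain> ...' lines by chain, keeping rule order."""
    chains: dict[str, list[Rule]] = {}
    for line in text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        rule = Rule(chain=tokens[1])
        # every option in the sample takes exactly one argument, so pair them up
        for key, val in zip(tokens[2::2], tokens[3::2]):
            if key in SETTERS:
                attr, conv = SETTERS[key]
                setattr(rule, attr, conv(val))
        chains.setdefault(rule.chain, []).append(rule)
    return chains

def matches(rule: Rule, pkt: Packet, local_ips: set[str]) -> bool:
    """True if every match the rule specifies holds for pkt on this node."""
    return ((rule.dst is None or rule.dst == pkt.dst)
            and (rule.src is None or rule.src == pkt.src)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.dst_type != "LOCAL" or pkt.dst in local_ips))

def walk(chains, chain: str, pkt: Packet, local_ips: set[str], weight: float, out: list) -> float:
    """Run pkt through chain; return the fraction of weight that ended in a DNAT."""
    remaining, terminated = weight, 0.0
    for rule in chains.get(chain, []):
        if not matches(rule, pkt, local_ips):
            continue
        # '-m statistic --probability p' takes p of what is still undecided
        share = remaining * rule.probability if rule.probability is not None else remaining
        if rule.jump == "DNAT":                # terminal in the nat table
            out.append((rule.to_destination, round(share, 6)))
            done = share
        elif rule.jump in chains:              # user chain: recurse into it
            done = walk(chains, rule.jump, pkt, local_ips, share, out)
        else:                                  # e.g. KUBE-MARK-MASQ: not modelled, returns
            done = 0.0
        terminated += done
        remaining -= done                      # whatever was not DNATed keeps walking
        if remaining <= 1e-12:
            break
    return terminated

def trace(chains, pkt: Packet, local_ips: set[str]) -> list[tuple[str, float]]:
    """(Pod endpoint, probability) pairs for pkt arriving in PREROUTING."""
    out: list[tuple[str, float]] = []
    walk(chains, "PREROUTING", pkt, local_ips, 1.0, out)
    return out

if __name__ == "__main__":
    chains = parse_rules(SAMPLE_RULES)  # node_ips: this node's own addresses (constructed)
    for pkt in (Packet("192.0.2.10", "10.0.0.5", "tcp", 30080),   # cloud LB -> NodePort
                Packet("10.244.2.7", "10.96.0.10", "tcp", 80)):   # Pod -> ClusterIP
        print(pkt.dst, pkt.dport, "->", trace(chains, pkt, {"10.0.0.5"}) or "left alone")
```

Two things the trace makes concrete for the security question. First, the rewrite happens in the node's kernel before any cluster component sees the packet: the control plane is not on the data path, it only feeds kube-proxy the Service and Endpoints objects from which these rules are regenerated, so the chain lands on a Pod IP chosen purely by the `--probability` rules (roughly a third each here). Second, the `--dst-type LOCAL` match is what keeps a NodePort reachable only on a node's own addresses, and the `-s <pod>/32 -j KUBE-MARK-MASQ` rule exists so a Pod that is DNATed back to itself still gets its reply through the node. A practical consequence is that whoever can write a Service's Endpoints (or EndpointSlice) objects decides where this DNAT lands, which is a reason to keep that RBAC permission tight.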