When it comes to networking, I'm quite overwhelmed by the numerous concepts and options. So my question is: What are the use cases and the differences between these Kubernetes concepts?
What I've found out so far:
The documentation of network policy describes the use case quite clearly:
you want to control traffic flow at the IP address or port level
But Network Policy is not used consistently here: Calico is a Networking Model in the Kubernetes docs or a Network Policy in the Azure Portal (see image).
I suspect that Azure uses the wrong term here.
But then I still do not understand the difference between model and plugin. Of course it's about managing communication between resources.
Why do I need two different concepts and two configuration options for managing network traffic?
There are several networking problems that are addressed in Kubernetes:
The 1st problem is addressed in the container runtime; the rest (the 3rd and 4th are covered by services, which still depend on the underlying network model) are solved by the Kubernetes network model.
The network model is a high-level description of how the network in Kubernetes is supposed to work, and it imposes 3 main requirements:
This abstract model allows different implementations of the actual network layer, for example the default network implementation called kubenet, or Calico, Cilium, etc.
A network plugin is basically anything that implements the NetworkPlugin interface. All network model implementations are actually network plugins, even the default one. Of course you can set up some additional plugins for more features/control over the network.
But why does Azure mention Calico as a network policy? Well, network policies are implemented via network plugins, and kubenet and Calico provide their own implementations of network policies.
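
Added example, not part of the original question or answer: two NetworkPolicy objects that control traffic "at the IP address or port level" as the quoted documentation describes. The namespace, labels, CIDR and port are constructed placeholders. The API server stores these objects regardless of the cluster's networking setup, but they are enforced only if the installed network plugin implements NetworkPolicy.

```yaml
# Added example; namespace "demo", the app labels, the CIDR and the port
# are constructed placeholders, not values from the original page.

# Policy 1: default-deny ingress for every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo
spec:
  podSelector: {}          # empty selector selects all pods in the namespace
  policyTypes:
    - Ingress              # no ingress rules listed, so all ingress is denied
---
# Policy 2: allow only TCP/5432 into the database pods, and only from
# pods labelled app=api or from one address range.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-allow-api
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: db              # the pods this policy protects
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:     # peer selected by label (same namespace)
            matchLabels:
              app: api
        - ipBlock:         # peer selected by IP range
            cidr: 10.0.8.0/24
      ports:
        - protocol: TCP
          port: 5432
```

Policies are additive: once a pod is selected by any policy with the Ingress type, only traffic matched by some rule is allowed, so the second policy opens one path through the default-deny set by the first.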