what is the network structure like in a cluster?

3/5/2021

I have a very hard time understanding what kubernetes network architecture is really like.

As a basic understanding, "there's a machine behind each IP", but with this stuff of containers inside pods inside nodes inside a cluster hosted somewhere, it is not that simple.

Adding services, deployments and other Kubernetes objects makes it even more confusing. The documentation is not super clear on that. I'm just lost and throwing my hands in the air.

Could I ask for a brief explanation of what network is inside what network, and what elements have IPs and/or ports?

-- Sheed
kubernetes

1 Answer

3/5/2021

"there's a machine behind each IP"

I am not sure which IP you are talking about.

There are multiple components in Kubernetes; if we focus on the main ones:

  • Pod (it runs the docker container)
  • Deployment
  • Service
  • Ingress

Now, if we talk about managing the traffic, it works like this:

Ingress > Ingress controller > Service > Deployment > Pod > Container

There are IPs assigned to each Pod (workload).

But they are not useful in the normal case; they are auto-managed by K8s, and you have nothing to do with them.

It will be an internal IP, so you cannot connect to the workload of a Pod from outside Kubernetes.

Now we have these types of Services:

  • ClusterIP
  • LoadBalancer
  • NodePort

ClusterIP is again an internal IP managed by Kubernetes.

The LoadBalancer is exposed to the internet; it's like you are attaching the LB to your workload or application so it will be exposed to the internet.

In this case, you will get the external IP open to the internet.

This was the internal architecture.

If we talk about a simple cluster architecture:

There are master nodes and worker nodes.

Worker nodes have internal and external IPs, depending on whether you have a private Kubernetes cluster or a public Kubernetes cluster.

Each of your containers or Pods runs on a worker node and has an internal IP in the ideal scenario.

Multiple workloads or containers can run on a single machine or a single VM node.

Ports get used the same way we generally use them.

For example, this is my test Service:

apiVersion: v1
kind: Service
metadata:
  name: test
  labels:
    app: test
spec:
  ports:
  - name: http
    port: 80
    targetPort: 9595
  - name: https
    port: 9595
    targetPort: 9595
  selector:
    app: test
    tier: frontend

It has exposed two ports, 80 and 9595. If you look carefully at targetPort: 9595, there is a target port in both cases; it is diverting traffic to the 9595 port on which my container or workload will be running.

-- Harsh Manvar
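The answer's traffic path (Service port -> targetPort -> container port) and its point that only NodePort and LoadBalancer Services leave the cluster network can be checked against plain manifests before they are applied. The following is an added example, not code from the answer or from Kubernetes itself: the test Service above is transcribed into a Python dict, the Deployment it is assumed to select (name, image and container port are constructed) is added beside it, and `exposure_report` resolves each Service port to where it is reachable from and whether a selected Pod actually declares the target port; `externally_reachable_ports` lists the ports that get an external path.

```python
"""Model of the path described in the answer (Service port -> targetPort -> container port),
used to check which ports a manifest exposes, to whom, and whether a Pod listens there."""

# The answer's test Service, transcribed into a dict (constructed input; no cluster needed).
SERVICE_TEST = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "test", "labels": {"app": "test"}},
    "spec": {
        "ports": [
            {"name": "http", "port": 80, "targetPort": 9595},
            {"name": "https", "port": 9595, "targetPort": 9595},
        ],
        "selector": {"app": "test", "tier": "frontend"},
    },
}

# A hypothetical Deployment the selector above matches (constructed input; the image is a placeholder).
DEPLOYMENT_TEST = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "test-frontend"},
    "spec": {
        "selector": {"matchLabels": {"app": "test", "tier": "frontend"}},
        "template": {
            "metadata": {"labels": {"app": "test", "tier": "frontend"}},
            "spec": {"containers": [
                {"name": "web", "image": "example/web:1.0",
                 "ports": [{"name": "app", "containerPort": 9595}]},
            ]},
        },
    },
}

# Where each Service type makes its ports reachable from (Kubernetes defaults; ClusterIP if type is absent).
REACHABLE_FROM = {
    "ClusterIP": "inside the cluster only (ClusterIP on the Service network)",
    "NodePort": "any node IP, internal or external, on the allocated node port",
    "LoadBalancer": "the internet via the external LB IP (plus NodePort and ClusterIP)",
}
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}


def selector_matches(selector, labels):
    """A Service selects a Pod when every selector key/value is present in the Pod's labels."""
    return all(labels.get(key) == value for key, value in selector.items())


def declared_container_ports(deployment):
    """Return {number: name} for every containerPort declared in the Pod template."""
    ports = {}
    for container in deployment["spec"]["template"]["spec"].get("containers", []):
        for port in container.get("ports", []):
            ports[port["containerPort"]] = port.get("name")
    return ports


def exposure_report(service, deployments):
    """Resolve each Service port to its targetPort, say who can reach it, and flag ports
    that no selected Pod declares (traffic to those is forwarded to nothing)."""
    spec = service["spec"]
    svc_type = spec.get("type", "ClusterIP")
    backends = [d for d in deployments
                if selector_matches(spec["selector"], d["spec"]["template"]["metadata"]["labels"])]
    declared = {}
    for deployment in backends:
        declared.update(declared_container_ports(deployment))
    rows = []
    for p in spec["ports"]:
        target = p.get("targetPort", p["port"])  # targetPort defaults to port when omitted
        # A string targetPort refers to a named containerPort, a number to its value.
        backed = target in declared.values() if isinstance(target, str) else target in declared
        rows.append({
            "name": p.get("name"),
            "port": p["port"],
            "targetPort": target,
            "reachable_from": REACHABLE_FROM[svc_type],
            "backed": bool(backends) and backed,
        })
    return {"service": service["metadata"]["name"], "type": svc_type,
            "backends": [d["metadata"]["name"] for d in backends], "ports": rows}


def externally_reachable_ports(service):
    """Defender's check: Service ports that get a path from outside the cluster (none for ClusterIP)."""
    if service["spec"].get("type", "ClusterIP") not in EXTERNAL_TYPES:
        return []
    return [p["port"] for p in service["spec"]["ports"]]


if __name__ == "__main__":
    report = exposure_report(SERVICE_TEST, [DEPLOYMENT_TEST])
    for row in report["ports"]:
        print(f"{report['service']}:{row['port']} -> targetPort {row['targetPort']} "
              f"({'backed' if row['backed'] else 'NO LISTENER'}); reachable from {row['reachable_from']}")
    # The same Service with type LoadBalancer: both ports now get an external IP.
    lb_service = {**SERVICE_TEST, "spec": {**SERVICE_TEST["spec"], "type": "LoadBalancer"}}
    print("externally reachable:", externally_reachable_ports(lb_service))
```

Run as a script to print the report for the answer's Service (type omitted, so ClusterIP: both ports map to 9595, are backed by the constructed Deployment, and are reachable only inside the cluster) and then for a LoadBalancer copy of it, where the same two ports become reachable from the internet. Feeding the function a manifest whose targetPort matches no containerPort shows the unbacked case the answer's "look carefully at targetPort" remark guards against.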
Source: StackOverflow