Kubernetes Beginner’s Guide Part 4: Networking Concepts

by Tom Vaidyanin Containerization, DevOps, Docker, Web Developmenton Posted on

Networking Concepts in Kubernetes

Continuing our Kubernetes blog series, this article dives into the more complex world of Kubernetes networking. Understanding how Kubernetes handles networking is crucial for deploying and managing applications effectively. We’ll explore key concepts and a few hands-on examples. If you haven’t already done so, you can check out the previous articles, here:

Part 1: Pod-to-Pod Communication Across Nodes

Kubernetes allows pods to communicate with each other across different nodes without the need for NAT (Network Address Translation). This is fundamental for applications that are spread across multiple nodes.

For this example, we’ll create two nginx pods on separate nodes.

Create the first nginx pod:

kubectl run nginx1 --image=nginx --labels="app=nginx1"

Create the second nginx pod:

kubectl run nginx2 --image=nginx --labels="app=nginx2"

Verify the Pods are on Different Nodes:

kubectl get pods -o wide

The output shows the node each pod is running on.

Testing Communication:

Exec into one pod:

kubectl exec -ti nginx1 -- /bin/bash

Install curl inside the pod (if not already present):

apt-get update && apt-get install curl

Curl the other pod:

curl http://nginx2

If the setup is correct, you should be able to communicate between the two pods.

Part 2: Kubernetes Services and Their Types

Services in Kubernetes are an abstract way to expose an application running on a set of pods. Next, lets explore how to expose a pod using different service types.

Create a Deployment:

Deploy a simple web application.

kubectl create deployment webapp --image=nginx

Expose as ClusterIP (Default):

Create a ClusterIP service (this is the default type):

kubectl expose deployment webapp --port=80

Access the service within the cluster:

kubectl run curlpod --image=radial/busyboxplus:curl -i --tty

Inside the curlpod, use curl webapp.

Expose as NodePort:

Expose the same deployment as a NodePort:

kubectl expose deployment webapp --type=NodePort --name=webapp-nodeport --port=80

Find the NodePort assigned:

kubectl get svc webapp-nodeport

Access http://localhost:[NodePort] on your browser.

(Optional) Expose as LoadBalancer:

In a local environment like Rancher / Docker Desktop, LoadBalancer may not function as it would in a cloud environment. However, for learning purposes, not that you can expose a pod via a node balancer, as well.

kubectl expose deployment webapp --type=LoadBalancer --name=webapp-loadbalancer --port=80

Check the service:

kubectl get svc webapp-loadbalancer

Note: The external IP may remain pending in non-cloud environments.

Part 3: Network Policies

Network policies in Kubernetes control the flow of traffic between pods. Let’s practice by creating a basic network policy.

Create a Network Policy File (deny-all.yaml):

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress

Apply the Network Policy:

kubectl apply -f deny-all.yaml

Test this policy by trying to access your webapp pod from another pod. The traffic should be blocked. When done, remove the policy:

kubectl delete networkpolicy deny-all

Conclusion

Understanding Kubernetes networking is key to effectively managing your applications. By experimenting with pod-to-pod communication, services, and network policies, you gain a deeper understanding of how Kubernetes handles networking. Stay tuned for our next article, where we’ll explore persistent storage in Kubernetes!

Leave a Comment

Your email address will not be published. Required fields are marked *