Networking Concepts in Kubernetes
Continuing our Kubernetes blog series, this article dives into the more complex world of Kubernetes networking. Understanding how Kubernetes handles networking is crucial for deploying and managing applications effectively. We’ll explore key concepts and a few hands-on examples. If you haven’t already done so, you can check out the previous articles, here:
- An Introduction to Kubernetes
- Hello World in Kubernetes
- Scaling and Managing Workloads in Kubernetes
Part 1: Pod-to-Pod Communication Across Nodes
Kubernetes allows pods to communicate with each other across different nodes without the need for NAT (Network Address Translation). This is fundamental for applications that are spread across multiple nodes.
For this example, we’ll create two nginx pods on separate nodes.
Create the first nginx pod:
kubectl run nginx1 --image=nginx --labels="app=nginx1"
Create the second nginx pod:
kubectl run nginx2 --image=nginx --labels="app=nginx2"
Verify the Pods are on Different Nodes:
kubectl get pods -o wide
The output shows the node each pod is running on.
Testing Communication:
Exec into one pod:
kubectl exec -ti nginx1 -- /bin/bash
Install curl inside the pod (if not already present):
apt-get update && apt-get install curl
Curl the other pod:
curl http://nginx2
If the setup is correct, you should be able to communicate between the two pods.
Part 2: Kubernetes Services and Their Types
Services in Kubernetes are an abstract way to expose an application running on a set of pods. Next, lets explore how to expose a pod using different service types.
Create a Deployment:
Deploy a simple web application.
kubectl create deployment webapp --image=nginx
Expose as ClusterIP (Default):
Create a ClusterIP service (this is the default type):
kubectl expose deployment webapp --port=80
Access the service within the cluster:
kubectl run curlpod --image=radial/busyboxplus:curl -i --tty
Inside the curlpod, use curl webapp.
Expose as NodePort:
Expose the same deployment as a NodePort:
kubectl expose deployment webapp --type=NodePort --name=webapp-nodeport --port=80
Find the NodePort assigned:
kubectl get svc webapp-nodeport
Access http://localhost:[NodePort] on your browser.
(Optional) Expose as LoadBalancer:
In a local environment like Rancher / Docker Desktop, LoadBalancer may not function as it would in a cloud environment. However, for learning purposes, not that you can expose a pod via a node balancer, as well.
kubectl expose deployment webapp --type=LoadBalancer --name=webapp-loadbalancer --port=80
Check the service:
kubectl get svc webapp-loadbalancer
Note: The external IP may remain pending in non-cloud environments.
Part 3: Network Policies
Network policies in Kubernetes control the flow of traffic between pods. Let’s practice by creating a basic network policy.
Create a Network Policy File (deny-all.yaml):
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: deny-all spec: podSelector: {} policyTypes: - Ingress
Apply the Network Policy:
kubectl apply -f deny-all.yaml
Test this policy by trying to access your webapp pod from another pod. The traffic should be blocked. When done, remove the policy:
kubectl delete networkpolicy deny-all
Conclusion
Understanding Kubernetes networking is key to effectively managing your applications. By experimenting with pod-to-pod communication, services, and network policies, you gain a deeper understanding of how Kubernetes handles networking. Stay tuned for our next article, where we’ll explore persistent storage in Kubernetes!