Kubernetes networking and the outside world
a story about how K8S chats with its friends
Laurent CORBES (Enix) (@lcaflc)
Who's ENIX?
A team of experts who can help you with:
- Container Orchestration
(consulting, training, managed Kubernetes hosting)
- Network
(our teams have built CDNs and dark fiber networks)
- Virtualization
(we were already selling Xen VMs in 2005)
- Hosting
(let's Terraform your OpenStack)
Outline
- K8S networking model
- Custom Integration
- Kube-Router
K8S networking model
- Pods and nodes communicate directly, without NAT
- A pod sees itself with the same IP other pods use to reach it
- One IP per Pod (the containers of a pod share it)
- All pod IPs come from the cluster network (the pod CIDR)
Pod to Pod network communication:
Whatever the setup, there is an "easy", ready-made solution (the CNI plugin takes care of it).
External network communication:
- Inbound: external clients to K8s Services
- Outbound: Pods to the outside
- External clients to Pods directly (why not!)
Inbound
Outbound
- SNAT (pods leave with the node IP)
- Routing (pod CIDRs routed end to end, no NAT)
- CNI integration
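The two outbound options as node-side commands, added here as an example (not from the talk). Pod CIDR 10.244.0.0/16, this node's pod subnet 10.244.3.0/24, node IP 192.168.1.13 and uplink eth0 are assumptions for the illustration; the point is the RETURN rule in the SNAT variant, which keeps pod-to-pod traffic out of the NAT.

```shell
#!/bin/sh
# Added example, not from the talk: the two ways pod traffic can leave a
# node for the outside world. All values are assumptions made for the
# illustration: pod CIDR 10.244.0.0/16, this node's pod subnet
# 10.244.3.0/24, node IP 192.168.1.13, uplink interface eth0.
POD_CIDR=${POD_CIDR:-10.244.0.0/16}
NODE_POD_SUBNET=${NODE_POD_SUBNET:-10.244.3.0/24}
NODE_IP=${NODE_IP:-192.168.1.13}
UPLINK=${UPLINK:-eth0}
# Set IPTABLES=echo and IP=echo to print the commands instead of running them.
IPTABLES=${IPTABLES:-iptables}
IP=${IP:-ip}

# Option 1, SNAT on the node: pods reach the outside with the node's IP.
# The RETURN rule is the caveat that bites in practice: pod-to-pod traffic
# must not be masqueraded, or the destination pod sees a node IP as source
# and anything keyed on pod IPs (network policies, logs) breaks.
snat_rules() {
    $IPTABLES -t nat -A POSTROUTING -s "$POD_CIDR" -d "$POD_CIDR" -j RETURN
    $IPTABLES -t nat -A POSTROUTING -s "$NODE_POD_SUBNET" -o "$UPLINK" -j MASQUERADE
}

# Option 2, routing: no NAT at all. The upstream router needs one route per
# node pod subnet (run this on the router, or let BGP install it). External
# firewalls then see real pod IPs as sources, so their rules must know the
# pod CIDR.
routing_rule() {
    $IP route add "$NODE_POD_SUBNET" via "$NODE_IP"
}
```

Run `snat_rules` on each node for the SNAT variant, or `routing_rule` (once per node, on the router) for the routed variant; never both. The SNAT rule is applied per node pod subnet rather than for the whole pod CIDR so that a node never masquerades traffic that merely transits it.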
The standard building blocks are not sufficient on their own
Some extra integration is needed
Cloud Providers world
- K8s as a Service
- CNI driver
- Service load balancers (type LoadBalancer)
On-premise subworld
DIY
OpenStack
The Clone Wars
- Standard integration (OpenStack cloud provider)
- Neutron LBaaS
- Layer 2 networking
Self-made load balancer
No Pain, No Gain
- Time-consuming
- Simple load balancer + NodePort
- Dynamic: driven by the K8s API
- Ingress Controller
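The "simple load balancer + NodePort, driven by the K8s API" approach, as an added example (not from the talk): a script that renders an HAProxy config from what the API reports about nodes and NodePort services. Node names, IPs, service names and ports are constructed for the illustration; the kubectl jsonpath queries in the comments produce live data in the same line format.

```shell
#!/bin/sh
# Added example, not from the talk: build an HAProxy config for the
# "simple load balancer + NodePort" setup from what the Kubernetes API
# reports, so the external balancer follows node and service changes.
# Node names, IPs, service names and ports below are assumptions for the
# illustration.
#
# Input format, one node per line:     <name> <InternalIP> <Ready=True|False>
# Input format, one service per line:  <namespace>/<name> <nodePort> [<nodePort>...]
# Live data in that format:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name} {.status.addresses[?(@.type=="InternalIP")].address} {.status.conditions[?(@.type=="Ready")].status}{"\n"}{end}'
#   kubectl get svc -A -o jsonpath='{range .items[?(@.spec.type=="NodePort")]}{.metadata.namespace}/{.metadata.name} {.spec.ports[*].nodePort}{"\n"}{end}'

# Constructed sample data standing in for the kubectl output above.
sample_nodes() {
    printf '%s\n' \
        'node1 192.168.1.11 True' \
        'node2 192.168.1.12 True' \
        'node3 192.168.1.13 False'
}
sample_services() {
    printf '%s\n' \
        'default/web 30080 30443' \
        'monitoring/grafana 32000'
}

# gen_haproxy <nodes-file> <services-file>: writes haproxy.cfg to stdout.
# One TCP listener per NodePort, balanced over every Ready node. NotReady
# nodes are left out: the API already says the node is unhealthy, there is
# no reason to wait for the L4 check to notice.
gen_haproxy() {
    nodes=$1
    services=$2
    printf 'global\n    log stdout format raw local0\n\n'
    printf 'defaults\n    mode tcp\n    timeout connect 5s\n    timeout client 60s\n    timeout server 60s\n'
    while read -r svc ports; do
        [ -n "$svc" ] || continue
        name=$(printf '%s' "$svc" | tr '/' '_')
        for np in $ports; do
            printf '\nlisten %s_%s\n    bind *:%s\n    balance roundrobin\n' "$name" "$np" "$np"
            awk -v np="$np" '$3 == "True" { printf "    server %s %s:%s check\n", $1, $2, np }' "$nodes"
        done
    done < "$services"
}

# Stand-alone run on the constructed sample.
nodes_tmp=$(mktemp)
services_tmp=$(mktemp)
sample_nodes > "$nodes_tmp"
sample_services > "$services_tmp"
gen_haproxy "$nodes_tmp" "$services_tmp"
rm -f "$nodes_tmp" "$services_tmp"
```

Rerun it whenever nodes or services change (a loop around `kubectl get --watch`, or a timer) and reload HAProxy only when the output differs. Two caveats: the client source IP is lost, because kube-proxy SNATs NodePort traffic to the node IP; and with `externalTrafficPolicy: Local` a node without a local pod drops NodePort traffic, so the health check should then target the service's `healthCheckNodePort` over HTTP rather than the node port itself.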
Kube-Router
Old pipes give sweetest smoke
Kube-Router
Pod-to-pod networking
- Fully Dynamic
- Fully meshed
- No NAT
- Network Policy
Services
- Dynamic load balancing
- L4 TCP/UDP
- DSR (Direct Server Return) support
BGP advertisement
- Works with any BGP-speaking router
- Cluster network and pod CIDRs
- Service ClusterIPs / external IPs
- ECMP
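How the Kube-Router pieces above fit together on a real router, as an added example (this is not the talk's material nor the kube-router project's own code): the node-side flags, an FRR configuration that peers with every node and enables ECMP, and the annotation that turns on DSR for one service. ASN 64512, router IP 192.168.1.1, node IPs 192.168.1.11-13 and the service name are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not from the talk and not the kube-router project's own
# code: wiring kube-router's BGP advertisements to an upstream FRR router
# with ECMP, plus enabling DSR on one service. The ASN (64512), router IP
# (192.168.1.1), node IPs (192.168.1.11-13) and service names are
# assumptions for the illustration.
CLUSTER_ASN=${CLUSTER_ASN:-64512}
ROUTER_IP=${ROUTER_IP:-192.168.1.1}
KUBECTL=${KUBECTL:-kubectl}   # set KUBECTL=echo to print instead of applying

# Arguments for the kube-router DaemonSet on every node: routing, network
# policy and service proxy enabled; pod CIDR (default), ClusterIPs and
# external IPs advertised; one iBGP peering with the upstream router.
kube_router_args() {
    printf '%s\n' \
        --run-router=true \
        --run-firewall=true \
        --run-service-proxy=true \
        --advertise-pod-cidr=true \
        --advertise-cluster-ip=true \
        --advertise-external-ip=true \
        "--cluster-asn=$CLUSTER_ASN" \
        "--peer-router-ips=$ROUTER_IP" \
        "--peer-router-asns=$CLUSTER_ASN"
}

# Router side (FRR), one iBGP neighbor per node IP given as argument. Every
# node announces the same service /32s, so without maximum-paths the router
# keeps a single best path and sends all traffic to one node; with it, flows
# are spread over the nodes (ECMP).
frr_config() {
    printf 'router bgp %s\n bgp router-id %s\n' "$CLUSTER_ASN" "$ROUTER_IP"
    for node in "$@"; do
        printf ' neighbor %s remote-as %s\n' "$node" "$CLUSTER_ASN"
    done
    printf ' address-family ipv4 unicast\n  maximum-paths ibgp %s\n exit-address-family\n' "$#"
}

# DSR: the pod answers the client directly instead of going back through
# the node that accepted the connection. kube-router applies it to the
# service's external IPs, so the service needs spec.externalIPs (advertised
# by --advertise-external-ip above) for the annotation to have any effect.
# $1: namespace, $2: service name
enable_dsr() {
    $KUBECTL annotate service "$2" -n "$1" kube-router.io/service.dsr=tunnel --overwrite
}

# Stand-alone run: show what would be applied.
kube_router_args
frr_config 192.168.1.11 192.168.1.12 192.168.1.13
( KUBECTL=echo; enable_dsr default web )
```

One ECMP caveat worth knowing before relying on it: the router hashes per flow, and when a node joins or leaves the set of next hops, existing flows can be re-hashed onto a node whose IPVS table has no state for them, which resets those connections. DSR changes only the return path, not this behaviour.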
This is the End
- In the cloud it is easy
- On premise it is still possible