Services:-
A Kubernetes service can easily expose an application deployed on a set of pods using a single endpoint.
i)Kubernetes Networking Concepts
1. Pod-to-Pod Communication
(Flat Network)
o
Every pod gets a unique IP address.
o
Pods can communicate without NAT inside the cluster.
o
Uses CNI (Container Network Interface) plugins like Flannel,
Calico, Cilium.
2. Pod-to-Service Communication
(Stable Networking)
o
Kubernetes Services provide a stable IP and DNS name.
o
Traffic is load-balanced across multiple pod replicas.
3. External Access (Ingress, LoadBalancer,
NodePort)
o
Ingress: Routes external HTTP(S) traffic to services.
o
LoadBalancer: Exposes a service externally (cloud
provider-dependent).
o
NodePort: Opens a high port (e.g., 30000-32767) on each
node.
ii) Types of Kubernetes Services.
|
Type |
Access |
Example Use Case |
|
ClusterIP |
Internal Only |
Pod-to-pod communication |
|
NodePort |
Exposes on Node IP & port
(30000-32767) |
Debugging or small-scale
external access |
|
LoadBalancer |
Assigns external IP (Cloud
provider) |
Production apps on cloud |
|
ExternalName |
DNS CNAME alias |
Redirect traffic to external
services |
iii) Kubernetes
DNS (CoreDNS)
- Every Service gets a DNS name (e.g., myservice.default.svc.cluster.local).
- Uses CoreDNS for name resolution.
# kubectl logs -n kube-system -l
k8s-app=kube-dns
iv) Network Policies (Calico, Cilium)
By default, all
pods can communicate with each other.
Use Network Policies to restrict access.
v) Troubleshooting Kubernetes Networking.
|
Issue |
Fix |
|
Pods can’t talk to each other |
Check CNI plugin (kubectl get
pods -n kube-system) |
|
DNS resolution fails |
Restart CoreDNS (kubectl
rollout restart deployment coredns -n kube-system) |
|
Service unreachable |
Check kubectl get svc -A and kubectl
describe svc <name> |
|
Ingress not working |
Check Ingress Controller (kubectl
get pods -n ingress-nginx) |
|
Flannel subnet error |
Restart Flannel (kubectl
rollout restart ds kube-flannel -n kube-system) |
1.There are many types of Services:
i) ClusterIP (default) :- Exposes a service which is only accessible
from within the cluster.
ii) NodePort :- Exposes a service via a static port on each node’s IP.
iii) LoadBalancer :- It uses cloud providers’ load balancer. NodePort and ClusterIP services
are created automatically to which the external load balancer will route.
iv) Ingress :- Ingress is actually not a
type of service. It sits in front of multiple services and performs smart
routing between them, providing access to your cluster. Several types of ingress controllers have different routing capabilities. In GKE, the
ingress controller creates an HTTP Load Balancer, which can route traffic to
services in the Kubernetes cluster based on path or subdomain.
v) ExternalName :- Maps a service to a predefined
externalName field by returning a value for the CNAME record.
vi)
Headless :- Services that do not need load
balancing and only expose a single IP can create a ‘headless’ service by
specifying “none” as the clusterIP.
vii) External IPs :- If there
are external IPs that route to one or more cluster nodes.
viii) Endpoint:- An endpoint is an resource that gets IP addresses of one or more pods dynamically assigned to it, along with a port.
ix) KubeDNS or Kubernetes DNS:- is a component within the Kubernetes ecosystem that provides Domain
Name System (DNS) resolution services for applications running on Kubernetes
clusters. It essentially enables the mapping of service names to their
corresponding network endpoints within the Kubernetes environment.
2.Two CIDRs are available on a k8s cluster.
1. Pods CIDR :- This specifies the CIDR
range allocated for pod IP addresses in the Kubernetes cluster. Pods in the
cluster will be assigned IP addresses from this range.
2. Services CIDR :- This specifies the
CIDR range allocated for Kubernetes service IP addresses. Services in the
cluster will be assigned virtual IP addresses from this range.
--cluster-cidr=192.169.0.0/16
--service-cluster-ip-range=10.96.0.0/12
# kubectl describe pod kube-controller-manager-master -n
kube-system
3.Each node in a Kubernetes cluster typically has its own CIDR block assigned for pod IP addresses.
# kubectl get nodes -o custom-columns=NAME:.metadata.name,CIDR:.spec.podCIDR
NAME CIDR
master 192.169.0.0/24
node-1 192.169.2.0/24
node-2 192.169.1.0/24
4. How to check container IP.
# kubectl describe pods <Pods_name>
5. How to update pods subnet CDIR.
# kubectl get ippool -o wide
# curl -L
https://github.com/projectcalico/calico/releases/download/v3.27.3/calicoctl-linux-amd64
-o calicoctl
# mv calicoctl /usr/bin/
# chmod +x /usr/bin/calicoctl
# vim ip-pool_change.yaml
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
name: new-pool
spec:
cidr: 172.17.0.0/20
ipipMode: Always
natOutgoing: true
# calicoctl apply -f
ip-pool_change.yaml
# calicoctl get ippool -o wide
# calicoctl get ippool -o yaml >
ippool_new.yaml
# vim ippool_new.yaml
disabled: true
# calicoctl apply -f ippool_new.yaml
# calicoctl get ippool -o wide
# kubectl -n kube-system edit cm
kubeadm-config
# x=$(kubectl get pods -n
kube-system | awk -F " " '{print $1}')
# kubectl delete pods $x -n
kube-system
Restart all worker nodes
# init 6
# kubectl get pods -A -o wide
No comments:
Post a Comment