DEV Community

Sina Tavakkol
Sina Tavakkol

Posted on

40 Days Of Kubernetes (32/40)

#kubernetes #40daysofkubernetes

Day 32/40

Kubernetes Networking Explained | Container Network Interface (CNI) With ‪@kubesimplify‬

Video Link
@piyushsachdeva
Git Repository
My Git Repo

In this section, we explain how networking works in Kubernetes.

The Kubernetes network model specifies:

  • Every pod gets its own IP address
  • Containers within a pod share the pod IP address and can communicate freely with each other
  • Pods can communicate with all other pods in the cluster using pod IP addresses (without NAT)
  • Isolation (restricting what each pod can communicate with) is defined using network policies

It is more common to use third-party network implementations that plug into Kubernetes using the CNI (Container Network Interface) API.

There are lots of different kinds of CNI plugins, but the two main ones are:

  • Network plugins, which are responsible for connecting pods to the network
  • IPAM (IP Address Management) plugins, which are responsible for allocating pod IP addresses source

Container Network Interface (CNI) is an open standard for configuring network interfaces in Linux containers. Kubernetes uses CNI plugins to manage network connectivity for pods. Here are some popular CNI plugins commonly used in Kubernetes:

  • Flannel
  • Calico
  • Weave Net
  • Cilium
  • OVN-Kubernetes
  • Multus source

Network kinds
inter node
inter pod

root@sinaops:~# k3s kubectl get node
NAME      STATUS   ROLES                  AGE   VERSION
sinaops   Ready    control-plane,master   18m   v1.30.3+k3s1
root@sinaops:~# cat << EOF | k3s kubectl apply -f -
> apiVersion: v1
kind: Pod
metadata:
  name: shared-namespace
spec:
  containers:
    - name: p1
      image: busybox
      command: ['/bin/sh', '-c', 'sleep 10000']
    - name: p2
      image: nginx
> EOF
pod/shared-namespace created
Enter fullscreen mode Exit fullscreen mode

List of ns

root@sinaops:~# ip netns list
cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b (id: 12)
cni-04391c49-b5ee-6ee7-448a-823223533bf0 (id: 11)
cni-3386ac0b-77c3-d56e-944e-bae4b093afa3 (id: 16)
cni-52ef2fc1-9ee9-9c79-a188-11312df766b0 (id: 15)
cni-8f1d6b47-6e90-d771-d30e-4cafc83f68cc (id: 14)
cni-993c14ba-79e4-c943-f067-f480e1562bde (id: 4)
cni-afb0acf9-a2b5-b80e-b6fb-d8769861e8f9 (id: 13)
root@sinaops:~# ls -lt /var/run/netns/
total 0
-r--r--r-- 1 root root 0 Aug 13 18:30 cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
-r--r--r-- 1 root root 0 Aug 13 18:13 cni-04391c49-b5ee-6ee7-448a-823223533bf0
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-3386ac0b-77c3-d56e-944e-bae4b093afa3
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-52ef2fc1-9ee9-9c79-a188-11312df766b0
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-8f1d6b47-6e90-d771-d30e-4cafc83f68cc
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-993c14ba-79e4-c943-f067-f480e1562bde
-r--r--r-- 1 root root 0 Aug 13 18:11 cni-afb0acf9-a2b5-b80e-b6fb-d8769861e8f9
Enter fullscreen mode Exit fullscreen mode 
root@sinaops:~# lsns | grep nginx
 4026533557 mnt         5 2112020 root             nginx: master process nginx -g daemon off;
4026533558 pid         5 2112020 root             nginx: master process nginx -g daemon off;
4026533559 cgroup      5 2112020 root             nginx: master process nginx -g daemon off;
root@sinaops:~# lsns -p 2112020
        NS TYPE   NPROCS     PID USER  COMMAND
4026531834 time      236       1 root  /lib/systemd/systemd --system --deserialize 56
4026531837 user      236       1 root  /lib/systemd/systemd --system --deserialize 56
4026533190 net         7 2111902 65535 /pause
4026533551 uts         7 2111902 65535 /pause
4026533552 ipc         7 2111902 65535 /pause
4026533557 mnt         5 2112020 root  nginx: master process nginx -g daemon off;
4026533558 pid         5 2112020 root  nginx: master process nginx -g daemon off;
4026533559 cgroup      5 2112020 root  nginx: master process nginx -g daemon off;
Enter fullscreen mode Exit fullscreen mode 
root@sinaops:~# ip netns exec cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if1192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
    link/ether 3e:9b:21:45:1f:50 brd ff:ff:ff:ff:ff:ff link-netnsid 0
Enter fullscreen mode Exit fullscreen mode 
root@sinaops:~# ip link
...
1192: vethbb792801@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP mode DEFAULT group default
    link/ether 2a:de:ce:a7:9e:32 brd ff:ff:ff:ff:ff:ff link-netns cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
root@sinaops:~# ip addr
...
1192: vethbb792801@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default
    link/ether 2a:de:ce:a7:9e:32 brd ff:ff:ff:ff:ff:ff link-netns cni-d72a06a2-78f2-fe18-e0ee-f98212cc6b4b
    inet6 fe80::28de:ceff:fea7:9e32/64 scope link
       valid_lft forever preferred_lft forever
Enter fullscreen mode Exit fullscreen mode 
root@sinaops:~# ethtool -S vethbb792801
NIC statistics:
     peer_ifindex: 2
     rx_queue_0_xdp_packets: 0
     rx_queue_0_xdp_bytes: 0
     rx_queue_0_drops: 0
     rx_queue_0_xdp_redirect: 0
     rx_queue_0_xdp_drops: 0
     rx_queue_0_xdp_tx: 0
     rx_queue_0_xdp_tx_errors: 0
     tx_queue_0_xdp_xmit: 0
     tx_queue_0_xdp_xmit_errors: 0
Enter fullscreen mode Exit fullscreen mode

source

Useful link

Top comments (0)

Read next

pczavre profile image

Streamlining Helm Values Files with YAML Anchors 🚀

Prasad Zavre -

luqmanbello profile image

The Ultimate Comprehensive Guide to Setting Up Self-Hosted Airbyte on EKS Using Karpenter

Luqman Bello -

hiro_111 profile image

Let's Make a k3s Cluster with Raspberry Pi and Cloudflare Tunnel

hiro -

hkhelil profile image

Admission Controllers in Kubernetes: OPA GateKeeper, Kyverno, and Azure Policy Add-on for AKS—Which One Wins? 🏆

Hamdi KHELIL -