3

I have been studying how Kubernetes pod communication works across nodes and here is my take so far:

Basically, the following figure describes how each pod has a network interface eth0 that is linked to the veth and then bridged to the host's eth0 interface.

One way to make cross node communication between pods is by configuring routing tables accordingly.

Let's say Node A has address domain 10.1.1.0/24 and Node B has address domain 10.1.2.0/24.

I can configure routing tables on node A to forward traffic for 10.1.2.0/24 to 10.100.0.2 (eth0 of node B), and similarly for node B to forward traffic for 10.1.1.0/24 to 10.100.0.1 (eth0 of node A).

This can work if my nodes aren't separated by routers or if the routers are configured accordingly, because they will otherwise drop packets that have a private IP address as destination. This isn't practical!


And here we get to talk about SDN, which I am not clear about and is apparently the solution. As far as I know, the SDN encapsulates packets to set routable source and destination IPs.

So basically, to deploy a container network plugin on Kubernetes which creates an SDN, you basically create daemon sets and other assisting Kubernetes objects.

My question is:

How do those daemon sets replace the routing tables modifications and make sure pods can communicate across nodes?

How do daemon sets, which are also pods, influence the network and other pods which have different namespaces?

Jason Aller
Ezwig
  • Tim Hockin (Kubernetes Engineer on SIG Network) [recently posted](https://twitter.com/thockin/status/1191766983735296000?s=20) a [document](https://docs.google.com/drawings/d/1MtWL8qRTs6PlnJrW4dh8135_S9e2SaawT410bJuoBPk) with a flowchart explaining how kube-proxy acts on iptables rules. Worth reading. – Eduardo Baitello Nov 14 '19 at 15:21
  • Kube proxy actually handles Service resource implementation, where it modifies iptables to redirect packets to the pods when receiving a packet with the service IP address as destination. This is a whole other topic, but thank you! – Ezwig Nov 14 '19 at 15:26

1 Answer

1

> How do those daemon sets replace the routing tables modifications and make sure pods can communicate across nodes?

Networking can be customized with a kubenet plugin or a CNI plugin, as described in Network Plugins, for the kubelet that runs on every node. The Network Plugin is responsible for handling the routing, possibly by using kube-proxy. E.g. the Cilium CNI plugin is a complete replacement for kube-proxy and uses eBPF instead of iptables.

> How do daemon sets which are also pods, influence the network and other pods which have different namespaces?

Yes, DaemonSet pods are normal pods. The kubelet is a special node component that manages pods, except containers not created by Kubernetes.

Life of a packet is a recommended presentation about Kubernetes networking.

Jonas
  • Thanks for the answer. I have consulted the documents linked and will be watching the video. However, this doesn't satisfy me; I want a more in-depth explanation. – Ezwig Nov 14 '19 at 18:42
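
The route-or-encapsulate decision raised in the question, as an added example that is not part of the original posts or of any plugin's code: it computes, for each node, which peer pod ranges can be reached with a plain route (peer on the same subnet) and which need encapsulation (a router in between). Nodes A and B use the question's addresses; node C, the /24 node subnets and the names `Node`, `plan_routes` and `as_commands` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Node:
    name: str
    node_ip: str          # address on the node's eth0
    pod_cidr: str         # range this node's pods get their addresses from
    prefix_len: int = 24  # assumed size of the subnet eth0 sits in

# A and B use the question's addresses; C is constructed and sits behind a router.
NODES = [
    Node("A", "10.100.0.1", "10.1.1.0/24"),
    Node("B", "10.100.0.2", "10.1.2.0/24"),
    Node("C", "10.200.0.3", "10.1.3.0/24"),
]

def check_pod_cidrs(nodes):
    """Overlapping pod ranges would make routing ambiguous, so reject them."""
    for a, b in combinations(nodes, 2):
        if ipaddress.ip_network(a.pod_cidr).overlaps(ipaddress.ip_network(b.pod_cidr)):
            raise ValueError(f"pod CIDRs of {a.name} and {b.name} overlap")

def plan_routes(local, nodes):
    """Return (mode, pod_cidr, peer_node_ip) for every peer of `local`."""
    check_pod_cidrs(nodes)
    local_net = ipaddress.ip_interface(f"{local.node_ip}/{local.prefix_len}").network
    plan = []
    for peer in nodes:
        if peer.name == local.name:
            continue
        if ipaddress.ip_address(peer.node_ip) in local_net:
            mode = "direct"  # same segment: next hop is the peer's eth0
        else:
            mode = "encap"   # routers in between do not know the pod CIDRs
        plan.append((mode, peer.pod_cidr, peer.node_ip))
    return plan

def as_commands(plan):
    """Render the direct entries as the iproute2 routes the question sets by hand."""
    return [f"ip route replace {cidr} via {ip} dev eth0"
            for mode, cidr, ip in plan if mode == "direct"]

if __name__ == "__main__":
    for node in NODES:
        print(node.name, plan_routes(node, NODES), as_commands(plan_routes(node, NODES)))
```

For an `encap` entry the pod-to-pod packet is carried inside an outer packet addressed to the peer's node IP, which the routers in between can forward.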