Kubernetes - Networking. Konstantinos Tsakalozos

Similar documents
Life of a Packet. KubeCon Europe Michael Rubin TL/TLM in GKE/Kubernetes github.com/matchstick. logo. Google Cloud Platform

Kubernetes: Twelve KeyFeatures

Project Calico v3.2. Overview. Architecture and Key Components. Project Calico provides network security for containers and virtual machine workloads.

Project Calico v3.1. Overview. Architecture and Key Components

An Introduction to Kubernetes

CONTAINERS AND MICROSERVICES WITH CONTRAIL

Kubernetes introduction. Container orchestration

10 Kube Commandments

Maximizing Network Throughput for Container Based Storage David Borman Quantum

Building a Kubernetes on Bare-Metal Cluster to Serve Wikipedia. Alexandros Kosiaris Giuseppe Lavagetto

Networking Approaches in. a Container World. Flavio Castelli Engineering Manager

Enterprise Kubernetes

Kubernetes Container Networking with NSX-T Data Center Deep Dive

Scaling Jenkins with Docker and Kubernetes Carlos

Overview of Container Management

How to build scalable, reliable and stable Kubernetes cluster atop OpenStack.

Bringing Security and Multitenancy. Lei (Harry) Zhang

Singapore. Service Proxy, Container Networking & K8s. Acknowledgement: Pierre Pfister, Jerome John DiGiglio, Ray

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Multiple Networks and Isolation in Kubernetes. Haibin Michael Xie / Principal Architect Huawei

agenda PAE Docker Docker PAE

Defining Security for an AWS EKS deployment

Efficiently exposing apps on Kubernetes at scale. Rasheed Amir, Stakater

Kuber-what?! Learn about Kubernetes

Zero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks

Kubernetes Integration Guide

Dan Williams Networking Services, Red Hat

Launching StarlingX. The Journey to Drive Compute to the Edge Pilot Project Supported by the OpenStack

K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment

Cloud I - Introduction

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.1

Securing Microservice Interactions in Openstack and Kubernetes

A REFERENCE ARCHITECTURE FOR DEPLOYING WSO2 MIDDLEWARE ON KUBERNETES

Wolfram Richter Red Hat. OpenShift Container Netzwerk aus Sicht der Workload

Buenos Aires 31 de Octubre de 2018

Microservices. Chaos Kontrolle mit Kubernetes. Robert Kubis - Developer Advocate,

Table of Contents HOL CNA

Kubernetes deep dive

Building an on premise Kubernetes cluster DANNY TURNER

Kubernetes 101. Doug Davis, STSM September, 2017

Kubernetes and the CNI: Where we are and What s Next Casey Callendrello RedHat / CoreOS

@briandorsey #kubernetes #GOTOber

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Oracle Cloud 1z0-932

OpenStack Magnum Hands-on. By Saulius Alisauskas and Bryan Havenstein

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.0

Dockercon 2017 Networking Workshop

Kubernetes made easy with Docker EE. Patrick van der Bleek Sr. Solutions Engineer NEMEA

Kubernetes Basics. Christoph Stoettner Meetup Docker Mannheim #kubernetes101

VMWARE PIVOTAL CONTAINER SERVICE

Weiting Chen Zhen Fan

K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment

Kubernetes. An open platform for container orchestration. Johannes M. Scheuermann. Karlsruhe,

Kubernetes and the CNI: Where we are and What s Next Casey Callendrello RedHat / CoreOS

Container Networking and Openstack. Fernando Sanchez Fawad Khaliq March, 2016

Service discovery in Kubernetes with Fabric8

Kubernetes: What s New

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Table of Contents HOL NET

What s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect

Service Discovery using Avi Vantage as IPAM and DNS

VMWARE ENTERPRISE PKS

OpenStack and OVN What s New with OVS 2.7 OpenStack Summit -- Boston 2017

Note: Currently (December 3, 2017), the new managed Kubernetes service on Azure (AKS) does not yet support Windows agents.

Getting Started with VMware Integrated OpenStack with Kubernetes. VMware Integrated OpenStack 5.1

Docker Container Access Reference Design

Containers, Serverless and Functions in a nutshell. Eugene Fedorenko

Kuberiter White Paper. Kubernetes. Cloud Provider Comparison Chart. Lawrence Manickam Kuberiter Inc

Paperspace. Architecture Overview. 20 Jay St. Suite 312 Brooklyn, NY Technical Whitepaper

VMWARE PKS. What is VMware PKS? VMware PKS Architecture DATASHEET

Cloud & container monitoring , Lars Michelsen Check_MK Conference #4

Package your Java Application using Docker and Kubernetes. Arun

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

A Hierarchical SW Load Balancing Solution for Cloud Deployment

Authorized Source IP for OpenShift Project

DevOps CICD PopUp. Software Defined Application Delivery Fabric. Frey Khademi. Systems Engineering DACH. Avi Networks

AGENDA Introduction Pivotal Cloud Foundry NSX-V integration with Cloud Foundry New Features in Cloud Foundry Networking NSX-T with Cloud Fou

Kubernetes: Integration vs Native Solution

Containerisation with Docker & Kubernetes

EdgeConnect for Amazon Web Services (AWS)

How to Install Forcepoint NGFW in Amazon AWS TECHNICAL DOCUMENT

NSX Data Center Load Balancing and VPN Services

FROM MONOLITH TO DOCKER DISTRIBUTED APPLICATIONS

Kubernetes networking in the telco space

Question: 2 Kubernetes changed the name of cluster members to "Nodes." What were they called before that? Choose the correct answer:

WHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction

Secure Kubernetes Container Workloads

Oracle Container Services for use with Kubernetes. User's Guide

Enabling Multi-Cloud with Istio Stretching an Istio service mesh between Public & Private Clouds. John Joyce Robert Li

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

Infoblox IPAM Driver for Kubernetes User's Guide

Infoblox IPAM Driver for Kubernetes. Page 1

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

Oracle IaaS, a modern felhő infrastruktúra

Contrail Networking: Evolve your cloud with Containers

Configure IBM Security Identity Manager Virtual Appliance in Cloud

FD.io VPP & Ligato Use Cases. Contiv-VPP CNI plugin for Kubernetes IPSEC VPN gateway

Red Hat Quay 2.9 Deploy Red Hat Quay on OpenShift

Implementing Container Application Platforms with Cisco ACI

Transcription:

Kubernetes - Networking Konstantinos Tsakalozos

Kubernetes From the greek word κυβερνήτης originally designed by Google and donated to the Cloud Native Computing Foundation. Presented at "Large-scale cluster management at Google with Borg" Proc EuroSys 2015. Kubernetes is an open-source platform designed to automate deploying, scaling, and operating application containers.

Kubernetes architecture Replicating app instances Balancing loads Self-healing apps Rolling updates Naming and discovering Monitoring resources

Pod - The Building Block Pod: group of containers, always co-located Scheduling is on Pods Pod sets the Linux namespaces and cgroups Containers in a Pod: Same IP Shared port space Contact each other with no restrictions via localhost Can use standard IPC (inter-process communications)

Pods - Namespaces and Cgroups Namespaces - restrict the view of the process. Virtualise network stack: - Sockets, network interfaces, routing tables, ip tables Cgroups - resource metering and limiting. - Traffic priority

Pod-to-Pod Communication Kubernetes fundamental netwrok requirements: all containers can communicate with all other containers without NAT all nodes can communicate with all containers (and vice-versa) without NAT the IP that a container sees itself as is the same IP that others see it as Reasoning: low-friction porting of apps from VMs to containers Open to multiple implementations Backwards compatibility

Container Network Interface CNI: container network connectivity, release resources when containers are removed Project: specification and libraries for writing plugins to configure network interfaces Plugins using CNI: Project Calico - a layer 3 virtual network Weave - a multi-host Docker network Contiv Networking - policy networking for various use cases Amazon ECS CNI Plugins - a collection of CNI Plugins to configure containers with Amazon EC2 elastic network interfaces (ENIs) And many more

Simple Network - Flannel Flannel designed for Kubernetes: layer 3 network fabric easy to configure flanneld on each host: Allocating a subnet lease from preconfigured address space Network configuration, the allocated subnets, and any auxiliary data (such as the host's public IP). Packets are forwarded using one of several backend mechanisms including VXLAN and various cloud integrations.

Network Policies Implemented by network plugins (eg calico, canal) Policies: pod Ingress & Egress ingress: whitelist ingress rules allowing traffic which matches both the from and ports sections. egress: rules allowing traffic which matches both the to and ports sections ingress: - from: - ipblock: cidr: 172.17.0.0/16 ports: - protocol: TCP port: 6379 egress: - to: - ipblock: cidr: 10.0.0.0/24 ports: - protocol: TCP port: 5978

Pod-to-Service Communications Pods are not reliable. May crash and be rescheduled at any time! Service: abstraction over a) logical set of Pods and b) access policy Services: abstract other kinds of backends. Model endpoints of external services (eg databases). ServiceTypes ClusterIP: Service on a cluster-internal IP NodePort: Service on each Node s IP at a static port LoadBalancer: Service on a cloud provider s load balancer. NodePort and ClusterIP are used

Pod-to-Service Communications Requests are routed through iptable rules Requests hit kube-proxy and bounce to a Pod

Service Discovery DNS server running as service inside your cluster. The DNS server watches the Kubernetes API for new Services. Example, a Service called "my-service" in Namespace "my-ns". Results of "my-service.my-ns" is the cluster IP. DNS SRV (service) records for named ports. Example, "my-service.my-ns" Service has a port named "http" with protocol TCP, a DNS SRV query for "_http._tcp.my-service.my-ns" to discover the port number for "http".

Services - Notes Pods: IP addresses -> route to a fixed destination Service: Virtual IPs -> not pointing to a single host Routing, IP tables and DNS for Services are dynamic populated Two proxy modes - userspace and iptables, which operate slightly differently. Iptables operations slow in large clusters e.g 10,000 Services IPVS for load balancing, in-kernel hash tables, performance consistency IPVS-based kube-proxy with sophisticated load balancing algorithms (least conns, locality, weighted, persistence)

Ingress Services Kubernetes cluster hosts APIs Ingress is a Service: Give services externally-reachable URLs, load balance traffic, terminate SSL, offer name based virtual hosting Example #1, Simple fanout: foo.bar.com -> 178.91.123.132 -> / foo / bar s1:80 s2:80 Example #2, Name based virtual hosting: foo.bar.com -- 178.91.123.132 bar.foo.com -- -> foo.bar.com s1:80 -> bar.foo.com s2:80

Canonical Distribution of Kubernetes Canonical packages, distributes and offers support for Kubernetes. Highlights: - - Vanila Kubernetes Clean upgrade path Cloud Neutral: AWS, Azure, Google, Oracle, Rackspace, SoftLayer, or private VMware, OpenStack or bare metal. Multi-arch: amd64, s390x (others to come)

The CDK, Canonical Distribution of Kubernetes Bundle

Resources K8s Docs: Kubernetes: https://kubernetes.io/docs/home/ CDK source: Canonical Distribution of Kubernetes: https://www.ubuntu.com/kubernetes Kubernetes upstream: https://github.com/kubernetes/kubernetes/tree/master/cluster/juju Juju-solutions: https://github.com/juju-solutions You can reach us at: Mailing list: https://lists.ubuntu.com/mailman/listinfo/juju Bugs: https://github.com/juju-solutions/bundle-canonical-kubernetes/issues

Thanks!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback