Sling Academy
Home/DevOps/Cluster Networking in Kubernetes: Explained with Examples

Cluster Networking in Kubernetes: Explained with Examples

Last updated: January 30, 2024

Table of Contents

  1. Overview
  2. Understanding Kubernetes Networking
  3. Setting Up Basic Pod Networking
  4. Exposing Services within the Cluster
  5. Advanced Examples: Ingress and Network Policies
  6. Conclusion

Overview

Kubernetes, the popular container orchestration platform, provides a robust framework for managing containerized applications across a cluster of machines. At the core of Kubernetes’ functionality is cluster networking, a complex aspect vital for interconnecting containers, services, and other resources. This tutorial aims to demystify Kubernetes cluster networking by explaining key concepts and illustrating them with practical examples.

Understanding Kubernetes Networking

In Kubernetes, the networking model dictates that each Pod should have a unique IP address. This model avoids port conflicts and enables clear communication between Pods, even if they reside on the same node. The main challenge is ensuring that the network is set up to allow communication according to these principles.

To understand Kubernetes networking, it is essential to know about the following components:

  • Pod networking: Network communication between Pods across the cluster.
  • Service networking: Exposing Pods as a network service, which provides a stable endpoint for clients to access a group of replicas.
  • External networking: Enabling communication between services within the cluster and the external world.
  • Network policies: Enforcing rules that dictate how Pods can communicate with each other and with other network endpoints.

Setting Up Basic Pod Networking

For our first example, we’ll look at how Pods communicate within a cluster. Assume we have a simple Kubernetes cluster running, and we want to launch two Pods that can communicate over the Pod network.

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
  - name: nginx
    image: nginx

apiVersion: v1
kind: Pod
metadata:
  name: busybox-pod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']

Upon creating these Pods, each will be assigned a unique IP address. We can verify the IP address of the `busybox-pod` by running the following command:

kubectl get pod busybox-pod -o wide

The output will display the IP address alongside other information about the pod. Using this IP, Pods can communicate directly.

Exposing Services within the Cluster

Now, let’s take a step forward and expose our `nginx-pod` as a Service so that other Pods can reach it via a stable IP.

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

Here, the `selector` matches the Pods managed by this Service, and the Service exposes port 80 to any internal client that wishes to communicate. After the Service is created, we can reach the `nginx-pod` using the DNS name `nginx-service` from any Pod inside the cluster.

Advanced Examples: Ingress and Network Policies

Moving to a more advanced scenario, let’s look into setting up an Ingress resource for managing external access:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80

This Ingress object will allow external traffic to access our `nginx-service` from outside the cluster. For this to work, an Ingress controller must be running in the cluster.

Lastly, let’s ensure our Pods are secure using a Network Policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-from-other-namespaces
spec:
  podSelector:
    matchLabels:
  ingress:
  - from:
    - podSelector: {}

This Network Policy denies traffic to Pods unless it comes from the same namespace. Let’s apply this policy and see the effect:

kubectl apply -f network-policy.yaml

The result is tighter security, as Pods from other namespaces won’t be able to communicate with our Pods by default.

Conclusion

This guide has walked through the basics of cluster networking in Kubernetes, from Pod-to-Pod communication to the more advanced concepts like Ingress and Network Policies. With these examples, you should have a better understanding of how to implement and manage network communication within your Kubernetes clusters.

Next Article: Implementing High Availability in Kubernetes Clusters

Previous Article: Understanding Node Selectors and Affinity in Kubernetes (with Examples)

Series: Kubernetes Tutorials

DevOps

You May Also Like

  • How to reset Ubuntu to factory settings (4 approaches)
  • Making GET requests with cURL: A practical guide (with examples)
  • Git: What is .DS_Store and should you ignore it?
  • NGINX underscores_in_headers: Explained with examples
  • How to use Jenkins CI with private GitHub repositories
  • Terraform: Understanding State and State Files (with Examples)
  • SHA1, SHA256, and SHA512 in Terraform: A Practical Guide
  • CSRF Protection in Jenkins: An In-depth Guide (with examples)
  • Terraform: How to Merge 2 Maps
  • Terraform: How to extract filename/extension from a path
  • JSON encoding/decoding in Terraform: Explained with examples
  • Sorting Lists in Terraform: A Practical Guide
  • Terraform: How to trigger a Lambda function on resource creation
  • How to use Terraform templates
  • Understanding terraform_remote_state data source: Explained with examples
  • Jenkins Authorization: A Practical Guide (with examples)
  • Solving Jenkins Pipeline NotSerializableException: groovy.json.internal.LazyMap
  • Understanding Artifacts in Jenkins: A Practical Guide (with examples)
  • Using Jenkins with AWS EC2 and S3: A Practical Guide