
Kubernetes Network Design Principles

Kubernetes Network (source: https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-ip-address-ranges)

Node Network

The Node Network consists of Kubernetes worker nodes and control plane nodes. All nodes can communicate with each other.

  • Every node in the Kubernetes cluster should be able to communicate with every other node without NAT (Network Address Translation).
  • Kubernetes assumes a flat network where all nodes can talk freely.
  • Nodes usually have a routable IP address within the cluster.

To see the node IPs, use kubectl get nodes -o wide.

➜ kubectl get nodes -o wide
NAME       STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
minikube   Ready    control-plane   19h   v1.31.0   192.168.49.2   <none>        Ubuntu 22.04.4 LTS   6.10.14-linuxkit   docker://27.2.0

Pod Network

The Pod Network is where all Kubernetes pods communicate. Pods within the cluster communicate using direct IP routing.

  • Every pod in the cluster gets its own unique IP address.
  • Pod-to-pod communication happens directly, without NAT.
  • The Container Network Interface (CNI) plugin is responsible for managing pod networking.
  • Containers inside the same pod share one network namespace and communicate over localhost.

We can test pod-to-pod communication by pinging one pod from another.

➜ kubectl get pods -o wide
NAME                         READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE   READINESS GATES
postgres-f8f589d5b-59rw8     1/1     Running   0          4h37m   10.244.0.11   minikube   <none>           <none>
simple-go-5dc4557ffc-c24fp   1/1     Running   0          4h8m    10.244.0.17   minikube   <none>           <none>
simple-go-5dc4557ffc-d6tz6   1/1     Running   0          4h8m    10.244.0.15   minikube   <none>           <none>
simple-go-5dc4557ffc-gv4fv   1/1     Running   0          4h8m    10.244.0.16   minikube   <none>           <none>

➜ kubectl exec -it simple-go-5dc4557ffc-c24fp -- ping 10.244.0.11
PING 10.244.0.11 (10.244.0.11): 56 data bytes
64 bytes from 10.244.0.11: seq=0 ttl=64 time=97.104 ms
64 bytes from 10.244.0.11: seq=1 ttl=64 time=0.219 ms
64 bytes from 10.244.0.11: seq=2 ttl=64 time=0.292 ms
64 bytes from 10.244.0.11: seq=3 ttl=64 time=0.160 ms
64 bytes from 10.244.0.11: seq=4 ttl=64 time=0.395 ms
^C
--- 10.244.0.11 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.160/19.634/97.104 ms

Service Network

The Service Network is a virtual network used for Kubernetes Services. Each Service gets a stable ClusterIP that does not change for the lifetime of the Service, and Kubernetes load-balances traffic sent to that address across the Service's backend pods.

Kubernetes rewrites outbound traffic from a pod when it is destined for a Service ClusterIP. This ensures that the request is routed to one of the backend pods.

  • Services use ClusterIP (virtual IP) to route traffic to pods.
  • kube-proxy manages service traffic using iptables or IPVS.

Get service endpoints:

➜ kubectl get endpoints
NAME         ENDPOINTS                                            AGE
kubernetes   192.168.49.2:8443                                    24h
postgres     10.244.0.11:5432                                     4h35m
simple-go    10.244.0.15:8080,10.244.0.16:8080,10.244.0.17:8080   4h11m
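The following Python is an added example, not code from the original page: it parses the endpoints listing above, classifies each address into the node, pod or service network, and models the ClusterIP-to-backend rewrite that kube-proxy performs. The service CIDR (10.96.0.0/12, the kubeadm/minikube default) and the ClusterIP values are assumptions, since the page does not show them.

```python
import ipaddress
import itertools

# Constructed sample input: the `kubectl get endpoints` listing from the page.
ENDPOINTS_OUTPUT = """\
NAME        ENDPOINTS                                          AGE
kubernetes  192.168.49.2:8443                                  24h
postgres    10.244.0.11:5432                                   4h35m
simple-go   10.244.0.15:8080,10.244.0.16:8080,10.244.0.17:8080 4h11m
"""

# Node and pod CIDRs inferred from the addresses on the page; the service
# CIDR is the kubeadm/minikube default (assumption, check your own cluster).
NETWORKS = {
    "node": ipaddress.ip_network("192.168.49.0/24"),
    "pod": ipaddress.ip_network("10.244.0.0/16"),
    "service": ipaddress.ip_network("10.96.0.0/12"),
}

# Constructed ClusterIPs (the page does not show them); 10.96.0.1 is the
# usual address of the `kubernetes` Service in the default range.
CLUSTER_IPS = {("10.96.0.1", 443): "kubernetes",
               ("10.96.12.34", 5432): "postgres",
               ("10.96.56.78", 8080): "simple-go"}

def parse_endpoints(text):
    """Map each Service name to its list of (ip, port) backends."""
    result = {}
    for name, endpoints, _age in (l.split() for l in text.splitlines()[1:]):
        result[name] = [(ip, int(port)) for ip, port in
                        (ep.rsplit(":", 1) for ep in endpoints.split(","))]
    return result

def classify(ip):
    """Name the cluster network an address belongs to ('external' if none)."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in NETWORKS.items() if addr in net), "external")

class ServiceProxy:
    """Toy model of kube-proxy's DNAT: ClusterIP:port -> one backend, round-robin."""
    def __init__(self, cluster_ips, endpoints):
        self.cluster_ips = cluster_ips
        self.backends = {n: itertools.cycle(eps) for n, eps in endpoints.items()}

    def rewrite(self, dst_ip, dst_port):
        name = self.cluster_ips.get((dst_ip, dst_port))
        if name is None:                                # not a Service VIP
            return (dst_ip, dst_port)                   # forwarded unchanged
        return next(self.backends[name])
```

Note that the `kubernetes` Service's endpoint classifies as a node-network address, not a pod address: the API server runs on the control-plane node, which is why that endpoint is the node's INTERNAL-IP on port 8443.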
