Pod networking
A Pod is a group of containers with shared storage and networking
IP per pod model
Because both containers share the same networking namespace, the two containers appears as through they are installed on the same machine. The nginx container will contact the legacy application by establishing a connection to local host on tcp port 8000.
Two pods communicate on the same node.
Pod IP is from the VPC (logically isolated networks that provide connectivity for resources you deploy within GCP. such as kubernetes clusters, Compute Engine instances, and App Engine)
A VPC can be composed of many different IP subnets in regions all around the world.
The pod’s IP address are part of the address range called an alias IP. GKE automatically configures your VPC to recognize this range of IP address as an authorized secondary subnet of IP addresses.
As a result, the pod’s traffic is permitted to pass the anti-spoofing filters on the network.
Also, because each node maintains a separate IP address base for its pods, the nodes don’t need to perform network address translation on the pod IP address. That means that the pods can directly connect to each other using their native IP addreses.
The traffic from your cluster is routed or peered inside GCP, but becomes now translated, at the node IP address if it has to exit GCP.
On GCP, Alias IPs allow you to configure additional secondary IP addresses or IP ranges on your Compute Engine VM instances. VPC-Native GKE clusters automatically create an Alias IP range to reserve approximately 4000 IP addresses for cluster-wide Services that you may create later.
Services
In an ever-changing container environment, Services give Pods a stable IP address and name that remains the same through updates, upgrades, scalability changes, and even Pod failures. Instead of connecting to a specific Pod, applications on Kubernetes rely on Services to locate suitable Pods and forward the traffic via those Services rather than directly to Pods.
Finding Services (Service Discovery)
There are several ways to find a Service in GKE
- Environment Variables
- Kubernetes DNS
- lstio
Problems: For created pods, the environment variables does work, so no way to control them.
IP based solution to connect the service and pods
For pod and service in the same namespace, use the short DNS name, otherwise, the namespace is needed for DNS solution.
Service Types and Load Balancers
* ClusterIP
* NodePort
* Load balancer
Internal communications within a cluster - ClusterIP
NodePort is built on top of cluster IP’s service.
How load balancers work
Ingress Resource
Container-Native Load Balancing
Network Security
