Cloud Native | K8S Networking
Kubernetes networking requirements
Before diving into the details on how packets flow inside a Kubernetes cluster, let's first clear up the requirements for a Kubernetes network.
The Kubernetes networking model defines a set of fundamental rules:
- A pod in the cluster should be able to freely communicate with any other pod without the use of Network Address Translation (NAT).
- Any program running on a cluster node should communicate with any pod on the same node without using NAT.
- Each pod has its own IP address (IP-per-Pod), and every other pod can reach it at that same address.
CNI
CNM
cgroup
Kube-proxy
Understanding Kubernetes Kube-Proxy
https://supergiant.io/blog/understanding-kubernetes-kube-proxy/
The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking [B] - Gerard Hickey, Smartsheet
https://www.youtube.com/watch?v=H5Zl_kDOwBU
An illustrated guide to Kubernetes Networking [Part 1]
https://itnext.io/an-illustrated-guide-to-kubernetes-networking-part-1-d1ede3322727
Change the mechanism of transport packets to kube-proxy
https://github.com/kubernetes/kubernetes/issues/13500
How Service and kube-proxy work
https://cizixs.com/2017/03/30/kubernetes-introduction-service-and-kube-proxy/
Kube-cni
VLAN
VXLAN
IPvlan
Macvlan
Packet capture in containers
TCPDUMP ON KUBERNETES POD USING CALICO AS CNI
https://akhileshthipparthi.wordpress.com/2018/05/16/tcpdump-on-kubernetes-pod-using-calico-as-cni/
1. Identify the worker node where the pod is running and note the pod IP. You can get both with the command below:
    kubectl describe po -n dev
2. Log in to that worker node, list the routes with ip route, and filter for the interface matching the pod IP:
    root@k8s-node-0:~# ip route | grep 10.112.12.53
    10.112.12.53 dev calixxxxxxxx scope link
3. Run tcpdump on the cali******* interface, which is the host side of the veth pair connecting the container back to the root (default) network namespace on the host:
    tcpdump -i calixxxxxxxxx -w /opt/capture.pcap &
https://iximiuz.com/en/posts/container-learning-path/
https://learnk8s.io/kubernetes-network-packets