( Desmitificando ) Networking en Kubernetes Pablo Fredrikson - Lead SRE @ Invision @pablokbs

@pablokbs NO SOY VENEZOLANO ni chileno ● Pablo Fredrikson ● Argentino (Mendoza) ● Lead SRE @ Invision ● Mil años con Linux ● 2 Años con Kubernetes en Producción

@pablokbs STORY TIME

@pablokbs Kubernetes en 3 minutos - Conceptos ● Contenedor ● Pod ● Nodo / Worker ● Replicas ● Daemonset

@pablokbs Kubernetes en 3 minutos MASTER API server Kube Scheduler Controller Manager Cloud Controller Manager API Kubernetes Cluster Services API Kubernetes Cluster Services API etcd deployment pod1: - container1 - container2 replicas: 3 pod2: - container3 replicas: 2 Kubelet Kubelet Kubelet P1R3 P1R1 P2R1 P1R2 P2R2

@pablokbs Kubernetes en 3 minutos Kubelet P2R1 Kubelet P1R2 Kubelet Kubernetes Cluster Services API deployment pod1: - container1 - container2 replicas: 3 pod2: - container3 replicas: 2 P1R3 P1R1 P2R2 P1R3 P1R1

@pablokbs Expertos en Kubernetes @pablokbs

Qs? @pablokbs @InvisionApp

@pablokbs Pod Networking Kubernetes Cluster Services API Manager Workers Kubelet pod c c calico 10.0.10.34 Kubelet pod c c calico 10.0.10.37 ip route ip route ● Cada pod tiene su propio IP ● IP routing etcd

@pablokbs Kubernetes Services: Kube-proxy Kubelet Kubernetes Cluster Services API pod c c calico 10.0.10.34 ip routing kube-proxy Kubelet pod c c calico 10.0.10.37 ip routing kube-proxy Manager Workers ● Cluster IP ● Node Port ● Load Balancer

@pablokbs Kubelet Kubernetes Services: Ingress Kubernetes Cluster Services API Manager Workers myservice.example.com K C K C svc pod c c calico 10.0.10.34 Kubelet pod c c calico 10.0.10.37

@pablokbs Network Policies Kubernetes Cluster Services API Manager Workers Kubelet front c c calico 10.0.10.34 ip route + iptables Kubelet client c c calico 10.0.10.37 ip route + iptables Kubelet back c c calico 10.0.10.38 ip route + iptables

@pablokbs Conceptos de conectividad de Kubernetes ● Pod networking (CNI) ● Services (kube-proxy) ● Ingress ● Network Policy

@pablokbs Demo

Qs? @pablokbs @InvisionApp