开发者社区

文档建议反馈控制台

最新优惠活动

文章/答案/技术大牛

发布

社区首页 >专栏 >云原生｜K8S 网络篇

云原生｜K8S 网络篇

heidsoft

发布于 2023-03-18 17:23:07

3000

发布于 2023-03-18 17:23:07

举报

文章被收录于专栏：云计算与大数据云计算与大数据

Kubernetes networking requirements

Before diving into the details on how packets flow inside a Kubernetes cluster, let's first clear up the requirements for a Kubernetes network.

The Kubernetes networking model defines a set of fundamental rules:

A pod in the cluster should be able to freely communicate with any other pod without the use of Network Address Translation (NAT).
Any program running on a cluster node should communicate with any pod on the same node without using NAT.
Each pod has its own IP address (IP-per-Pod), and every other pod can reach it at that same address.

Cni

cnm

cgroup

Kube-proxy

Understanding Kubernetes Kube-Proxy

https://supergiant.io/blog/understanding-kubernetes-kube-proxy/

The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking [B] - Gerard Hickey, Smartsheet

https://www.youtube.com/watch?v=H5Zl_kDOwBU

An illustrated guide to Kubernetes Networking [Part 1]

https://itnext.io/an-illustrated-guide-to-kubernetes-networking-part-1-d1ede3322727

Change the mechanism of transport packets to kube-proxy

https://github.com/kubernetes/kubernetes/issues/13500

service 和 kube-proxy 原理

https://cizixs.com/2017/03/30/kubernetes-introduction-service-and-kube-proxy/

Kube-cni

vlan

Vxlan

Iplan

Macvlan

容器抓包

TCPDUMP ON KUBERNETES POD USING CALICO AS CNI

https://akhileshthipparthi.wordpress.com/2018/05/16/tcpdump-on-kubernetes-pod-using-calico-as-cni/

1.Identify Worker node where pod is running and list down the the POD IP . You will be able to get those details using below commands,

kubectl describe po -n dev

2.Login to above worker node and list the interfaces using, ip route and filter interface matching the pod IP.

root@k8s-node-0:~# ip route | grep 10.112.12.53 10.112.12.53 dev calixxxxxxxx scope link

3.Take tcpdump on interface cali******* which is the host side of the VETH pair connecting the container back to the root or default network namespace on the host

4.tcpdump -i calixxxxxxxxx -w /opt/capture.pcap &

https://iximiuz.com/en/posts/container-learning-path/

https://learnk8s.io/kubernetes-network-packets

本文参与腾讯云自媒体分享计划，分享自微信公众号。

原始发表：2023-01-27，如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自云数智圈微信公众号，前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

本文参与腾讯云自媒体分享计划，欢迎热爱写作的你一起参与！

评论

登录后参与评论

0 条评论

热度

最新

LV.

目录

Kubernetes networking requirements
Cni
cnm
cgroup
Kube-proxy
Kube-cni
vlan
Vxlan
Iplan
Macvlan
容器抓包

相关产品与服务

容器服务

腾讯云容器服务（Tencent Kubernetes Engine, TKE）基于原生 kubernetes 提供以容器为核心的、高度可扩展的高性能容器管理服务，覆盖 Serverless、边缘计算、分布式云等多种业务部署场景，业内首创单个集群兼容多种计算节点的容器资源管理模式。同时产品作为云原生 Finops 领先布道者，主导开源项目Crane，全面助力客户实现资源优化、成本控制。

产品介绍产品文档

精选特惠用云无忧