Prerequisite topics: Switching & Routing, DNS, Network namespaces, Docker Networking, CNI, Cluster Networking.
# Interfaces and addresses
ip link
ip addr
ip addr add 192.168.1.10/24 dev eth0
# Routing table; the second form adds a route to 192.168.1.0/24 through the gateway 192.168.2.1
ip route
ip route add 192.168.1.0/24 via 192.168.2.1
route
# 1 means the host forwards packets between its interfaces (needed when a host acts as a router)
cat /proc/sys/net/ipv4/ip_forward
# Name resolution: static entries, the configured DNS server, and the lookup order
cat >> /etc/hosts
cat /etc/resolv.conf
cat /etc/nsswitch.conf
nslookup www.google.com
dig www.google.com
ps aux
# Create network namespaces
ip netns add red
ip netns add blue
ip netns
# Create a veth pair (one end for each namespace)
ip link add veth-red type veth peer name veth-blue
# Move each veth end into its namespace
ip link set veth-red netns red
ip link set veth-blue netns blue
# Set IP addresses (the /24 prefix gives each side a route to the other; without it the kernel assumes /32)
ip -n red addr add 192.168.1.1/24 dev veth-red
ip -n blue addr add 192.168.1.2/24 dev veth-blue
# Check IP addresses
ip -n red addr
ip -n blue addr
# Bring up interfaces
ip -n red link set veth-red up
ip -n blue link set veth-blue up
# Bring loopback devices up
ip -n red link set lo up
ip -n blue link set lo up
# Add default gateway: each namespace routes via the other end of the veth pair
ip netns exec red ip route add default via 192.168.1.2 dev veth-red
ip netns exec blue ip route add default via 192.168.1.1 dev veth-blue
# Cleanup: remove the namespaces, the bridge and the first nat POSTROUTING rule
ip netns del red
ip netns del blue
ip link del v-net-0
iptables -t nat -D POSTROUTING 1
# Connect the namespaces through a Linux bridge instead of a direct veth pair
ip netns add red
ip netns add blue
ip link add veth-red type veth peer name veth-red-br
ip link add veth-blue type veth peer name veth-blue-br
ip link set veth-red netns red
ip link set veth-blue netns blue
ip -n red addr add 192.168.15.2/24 dev veth-red
ip -n blue addr add 192.168.15.3/24 dev veth-blue
ip -n red link set veth-red up
ip -n blue link set veth-blue up
brctl addbr v-net-0
# Attach the host-side ends to the bridge; without this the namespaces cannot reach each other
brctl addif v-net-0 veth-red-br
brctl addif v-net-0 veth-blue-br
ip link set dev v-net-0 up
ip link set veth-red-br up
ip link set veth-blue-br up
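The bridge setup as one script, added here as an example and not part of the original notes: it builds red and blue on v-net-0 with the steps the command list leaves implicit (attaching the host-side veth ends to the bridge, bringing the namespace-side ends up, giving the bridge an address, default routes, IP forwarding and the NAT rule that the cleanup commands above remove). The addresses are the ones from the notes except 192.168.15.5 for the bridge, which is an assumption; DRY_RUN=1 prints the command sequence instead of running it.

```shell
#!/usr/bin/env bash
# Added example, not part of the notes: build the red/blue namespaces on the
# v-net-0 bridge with the steps the notes leave implicit (attach the host-side
# veth ends to the bridge, bring the namespace-side ends up, give the bridge an
# address, add default routes, enable forwarding and add the NAT rule that the
# cleanup commands remove). 192.168.15.5 as the bridge address is an assumption;
# the other addresses are the ones in the notes.
# Usage (as root): ./netns-bridge.sh apply     or: DRY_RUN=1 ./netns-bridge.sh apply
set -eu

BRIDGE=v-net-0
SUBNET=192.168.15.0/24
GATEWAY=192.168.15.5    # assumed bridge address

# run CMD...: print the command, then execute it unless DRY_RUN is set
run() {
    printf '%s\n' "$*"
    [ -n "${DRY_RUN:-}" ] || "$@"
}

# add_ns NAME ADDR/PREFIX: namespace, veth pair, address, bridge port, default route
add_ns() {
    local ns=$1 addr=$2
    run ip netns add "$ns"
    run ip link add "veth-$ns" type veth peer name "veth-$ns-br"
    run ip link set "veth-$ns" netns "$ns"
    run ip -n "$ns" addr add "$addr" dev "veth-$ns"
    run ip -n "$ns" link set lo up
    run ip -n "$ns" link set "veth-$ns" up
    run ip link set "veth-$ns-br" master "$BRIDGE"    # same as brctl addif
    run ip link set "veth-$ns-br" up
    run ip -n "$ns" route add default via "$GATEWAY"
}

build_topology() {
    run ip link add "$BRIDGE" type bridge              # same as brctl addbr
    run ip link set "$BRIDGE" up
    run ip addr add "$GATEWAY/24" dev "$BRIDGE"
    add_ns red  192.168.15.2/24
    add_ns blue 192.168.15.3/24
    # let namespace traffic leave the host: forwarding plus source NAT
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$SUBNET" -j MASQUERADE
}

# verify: red reaches blue across the bridge, blue reaches the host
verify() {
    run ip netns exec red ping -c 1 192.168.15.3
    run ip netns exec blue ping -c 1 "$GATEWAY"
}

# plan: print the full command sequence without executing anything
plan() { (DRY_RUN=1; build_topology); }

if [ "${1:-}" = "apply" ]; then
    build_topology
    verify
fi
```

The order matters: the bridge must exist before a veth end can be made its port, and a namespace-side interface must be up (so its connected /24 route exists) before a default route via the bridge address can be added.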
Explore the Kubernetes environment to get the networking details.
k get nodes
k describe node controlplane | grep -i internal
# Node interfaces and addresses
ip a
ip link
ssh node01
ip link show eth0
# Listening TCP ports and the processes behind them
netstat -nplt
# Connections to etcd; the last form counts how many use the client port 2379
netstat -anp | grep etcd
netstat -anp | grep etcd | grep 2379 | wc -l
Container Networking Interface (CNI) is a networking standard: a specification and a set of plugin binaries that the container runtime calls to set up and tear down the network of each pod. CNI plugin implementations typically run an agent on every node that keeps the networking information of the pods on that node and of all the nodes in the cluster.
# The runtime endpoint kubelet talks to (the runtime invokes the CNI plugins)
ps -aux | grep kubelet | grep --color container-runtime-endpoint
# Available CNI plugin binaries
ls /opt/cni/bin
# Plugin type selected in the CNI network config
cat /etc/cni/net.d/10-flannel.conflist | grep type
Check the documentation for deploying a CNI plugin.
k apply -f file_name.yaml
Weave installs an agent on every node (the weave-net pods) to provide pod networking in a Kubernetes cluster.
kubectl get pods -n kube-system
kubectl get po -o wide -n kube-system | grep weave
ip addr show weave
ssh node01
ip route
Services are cluster wide.
# Node network: the eth0 address and its range
ip a | grep eth0
apt install ipcalc
ipcalc -b <ip_addr>
# Pod network: the range Weave allocates pod IPs from
k logs weave-net-fgxvr weave -n kube-system | grep ipalloc-range
# Service network: the cluster IP range configured on the API server
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep cluster-ip-range
# kube-proxy programs the rules that make service IPs reachable; its logs show the proxy mode in use
k get pods -n kube-system
k logs kube-proxy-4t62z -n kube-system
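Once the three ranges above are known, they should be checked against each other: a pod or service range that overlaps the node network (or each other) silently misroutes traffic. The check below is an added example, not from the notes; it does the `ipcalc -b` arithmetic in plain shell so it works on nodes without ipcalc, and the CIDRs at the bottom are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example, not part of the notes: check that the three ranges found with
# the commands above (node network from `ip a`, pod network from the Weave
# ipalloc-range, service network from --service-cluster-ip-range) do not
# overlap. Overlapping ranges misroute traffic between nodes, pods and services.
# Plain shell arithmetic, so it works where ipcalc is not installed.
# The CIDRs at the bottom are constructed sample values.
set -eu

# ip2int 10.244.0.0 -> the address as a 32-bit integer
ip2int() {
    o1=${1%%.*}; rest=${1#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}; o4=${rest#*.}
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# int2ip INTEGER -> dotted address
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_first / cidr_last CIDR -> integer bounds of the block
cidr_first() {
    ip=${1%/*}; prefix=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    echo $(( $(ip2int "$ip") & mask ))
}
cidr_last() {
    prefix=${1#*/}
    echo $(( $(cidr_first "$1") | (0xFFFFFFFF >> prefix) ))
}

# broadcast CIDR -> last address of the block, like `ipcalc -b`
broadcast() { int2ip "$(cidr_last "$1")"; }

# overlaps A B -> succeeds when the two blocks share at least one address
overlaps() {
    [ "$(cidr_first "$1")" -le "$(cidr_last "$2")" ] &&
    [ "$(cidr_first "$2")" -le "$(cidr_last "$1")" ]
}

# check_ranges NODE POD SERVICE -> prints every conflicting pair, fails if any
check_ranges() {
    node=$1; pod=$2; svc=$3; rc=0
    for pair in "node $node pod $pod" "node $node service $svc" "pod $pod service $svc"; do
        set -- $pair
        if overlaps "$2" "$4"; then
            echo "CONFLICT: $1 $2 overlaps $3 $4"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample values; replace with the ranges found on your cluster.
check_ranges 192.168.1.0/24 10.244.0.0/16 10.96.0.0/12 && echo "no overlap"
```

Two blocks overlap exactly when each one's first address is not past the other's last address, which is what `overlaps` tests; `check_ranges` applies it to the three pairs and reports each conflict.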
Kube DNS is created automatically in a cluster and maps service and pod names to their IPs, so a service in the same namespace can be reached by its hostname alone.
Across namespaces, use hostname.namespace to reach a service in that namespace. The full name has the form:
hostname.namespace.type.root
web-service.apps.svc.cluster.local
hostname.default.pod.cluster.local (for pods the hostname is the pod IP with the dots replaced by dashes)
kubectl get pods -n kube-system
kubectl get cm -n kube-system
kubectl get svc
kubectl exec -it hr -- nslookup mysql.payroll > /root/CKA/nslookup.out
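Why `mysql.payroll` works from the hr pod without the `.svc.cluster.local` suffix: the resolver in the pod appends the search domains from the pod's /etc/resolv.conf. The script below is an added example, not from the notes; the search list and ndots:5 are what kubelet writes for a pod in the default namespace with cluster domain cluster.local, and the records in ZONE are constructed samples standing in for the DNS server.

```shell
#!/usr/bin/env bash
# Added example, not part of the notes: how a name used inside a pod is expanded
# with the pod's /etc/resolv.conf search list, which is why `mysql.payroll` from
# the hr pod reaches the mysql service in the payroll namespace. The search list
# and ndots:5 are what kubelet writes for a pod in the default namespace with the
# cluster domain cluster.local; the record names in ZONE are constructed samples.
set -eu

CLUSTER_DOMAIN=cluster.local
SEARCH="default.svc.$CLUSTER_DOMAIN svc.$CLUSTER_DOMAIN $CLUSTER_DOMAIN"
NDOTS=5

# svc_fqdn NAME NAMESPACE -> hostname.namespace.svc.root
svc_fqdn() { echo "$1.$2.svc.$CLUSTER_DOMAIN"; }

# pod_fqdn IP NAMESPACE -> dashed-ip.namespace.pod.root
pod_fqdn() { echo "$(printf %s "$1" | sed 's/\./-/g').$2.pod.$CLUSTER_DOMAIN"; }

# count_dots NAME -> number of dots in the name
count_dots() { printf %s "$1" | tr -cd . | wc -c | tr -d ' '; }

# lookup_order NAME -> the queries the resolver sends, in order
lookup_order() {
    name=$1
    case $name in
        *.) echo "${name%.}"; return 0 ;;   # trailing dot: absolute name, no search
    esac
    if [ "$(count_dots "$name")" -ge "$NDOTS" ]; then
        echo "$name"                          # enough dots: try the name as given first
        for s in $SEARCH; do echo "$name.$s"; done
    else
        for s in $SEARCH; do echo "$name.$s"; done
        echo "$name"                          # literal name is tried last
    fi
}

# first_match NAME -> the first candidate that exists in ZONE (stands in for a DNS lookup)
ZONE="mysql.payroll.svc.cluster.local web-service.apps.svc.cluster.local"
first_match() {
    for q in $(lookup_order "$1"); do
        for rec in $ZONE; do
            [ "$q" = "$rec" ] && { echo "$q"; return 0; }
        done
    done
    return 1
}

lookup_order mysql.payroll
```

Running it shows the second candidate, `mysql.payroll.svc.cluster.local`, is the one that exists. The same ndots rule means an external name such as `www.google.com` (two dots, fewer than five) is first tried with every cluster suffix before being sent out as-is, which is visible as extra queries in the DNS pod's logs.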
- Ingress defines external access to services within a cluster.
- It allows you to route external HTTP/S traffic to internal services.
- Use kubectl create ingress to create an Ingress resource.
- Specify backend services and rules in the Ingress definition.
- Achieve host-based routing with the host field in rules.
- Example: host: example.com.
- Use the path field in rules for path-based routing.
- Example: path: /app.
- Secure traffic with TLS by specifying secrets in the Ingress.
- Define TLS hosts and paths for encryption.
- Customize Ingress behavior using annotations.
- Example: nginx.ingress.kubernetes.io/rewrite-target: /.
- Define a default backend for requests that don’t match defined rules.
- Ensures unmatched traffic has a destination.
- Ingress can be namespace-isolated for better organization.
- Specify the namespace in the Ingress definition.
- Validate Ingress settings with kubectl describe ingress.
- Use tools like curl to test external access.
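A manifest that puts the points above together, added here as an example and not part of the original notes: host- and path-based rules, TLS from a secret, a default backend and the rewrite-target annotation, plus a check that every host named in the rules is also covered by the tls section, so no host ends up served without TLS by mistake. example.com, api.example.com, the service names and the secret name are constructed sample values; api.example.com is deliberately left out of tls so the check has something to find.

```shell
#!/usr/bin/env bash
# Added example, not part of the notes: an Ingress manifest using the features
# listed above (host- and path-based rules, TLS from a secret, a default backend
# and a controller annotation), plus a check that every host in the rules is also
# covered by the tls section, so no host is served without TLS by accident.
# example.com, api.example.com, the service names and the secret name are
# constructed sample values; api.example.com is deliberately left out of tls.
set -eu

# render_ingress -> the manifest on stdout (pipe into `kubectl apply -f -`)
render_ingress() {
    cat <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  namespace: apps
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - example.com
      secretName: example-com-tls
  defaultBackend:
    service:
      name: default-http-backend
      port:
        number: 80
  rules:
    - host: example.com
      http:
        paths:
          - path: /app
            pathType: Prefix
            backend:
              service:
                name: web-service
                port:
                  number: 80
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api-service
                port:
                  number: 8080
EOF
}

# rule_hosts -> hosts that appear in spec.rules
rule_hosts() { render_ingress | sed -n 's/^ *- host: *//p'; }

# tls_hosts -> hosts listed under spec.tls
tls_hosts() { render_ingress | sed -n '/^  tls:/,/^  [a-z]/ s/^ *- \([^ :]*\)$/\1/p'; }

# hosts_without_tls -> rule hosts missing from tls (fails when there are any)
hosts_without_tls() {
    missing=0
    for h in $(rule_hosts); do
        if ! tls_hosts | grep -qxF "$h"; then
            echo "$h"
            missing=1
        fi
    done
    return $missing
}

# validate: client-side dry run of the manifest when kubectl is available
validate() { render_ingress | kubectl apply --dry-run=client -f -; }

hosts_without_tls || echo "add the hosts above to spec.tls or serve them from a TLS-enabled rule"
```

The sed-based extraction is only safe because the manifest is rendered by this script in a known layout; for arbitrary manifests use `kubectl get ingress -o jsonpath` to read `.spec.rules[*].host` and `.spec.tls[*].hosts[*]` instead.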
# Create an Ingress Resource
kubectl create ingress <ingress-name> --rule=<host>/<path>=<service-name>:<service-port>
# View Ingress Details
kubectl get ingress <ingress-name> -o yaml
# Describe Ingress
kubectl describe ingress <ingress-name>
# Edit Ingress
kubectl edit ingress <ingress-name> -n <namespace-name>
# Delete Ingress
kubectl delete ingress <ingress-name>
# Check Ingress Controller Logs
kubectl logs -l <ingress-controller-label> -n <ingress-controller-namespace>
# Testing Ingress with Curl
curl -H "Host: <ingress-host>" http://<ingress-ip-or-host>/<path>
# Checking Ingress Controller Version (for NGINX Ingress)
kubectl exec -it <nginx-ingress-controller-pod> -- /nginx-ingress-controller --version
# List All Ingress Resources
kubectl get ingress --all-namespaces
Ingress view
kubectl edit ingress --namespace app-space
kubectl get svc -n critical-space
kubectl create ingress test-ingress --namespace=critical-space \
--annotation=nginx.ingress.kubernetes.io/rewrite-target=/ \
--annotation=nginx.ingress.kubernetes.io/ssl-redirect="false" \
--rule="/pay=pay-service:8282" --dry-run=client -o yaml >> pay_ingress.yaml
Ingress Installation
k create namespace ingress-nginx
k create configmap ingress-nginx-controller -n ingress-nginx
k create sa ingress-nginx -n ingress-nginx
k create sa ingress-nginx-application -n ingress-nginx
# created roles, roleBindings, clusterRole, clusterRoleBinding for the service accounts
# show lines
cat -n ingress-controller.yaml
k create -f ingress-controller.yaml -n ingress-nginx