NSM in K8s
Table of contents
Kubernetes Networking is IntraCluster
Kubernetes Networking provides a simple, useful Networking model for Pods/Services to communicate intra-cluster.
Additionally various kinds of other communication can be provided at the ‘Edge’ of the cluster.
Network Service Mesh enables individual workloads to have their own per-workload ‘Edge’.
Adding Network Service(s) to a Pod
In Kubernetes, any Pod can add a Network Service using an annotation:
|
|
|
|
simply requests that the Pod have kernel interface injected into its kernel network namespace that is connected to a Network Service named “my-networkservice-1”.
Optionally, the kernel interface name “nsm-1” can be requested:
|
|
Or decorate the request with labels
- app: foo
- version: v1.1
|
|
Multiple Network Services can be requested as a comma separated list:
|
|
IPAM and Routing
For each Network Service connected to a Pod, a new kernel interface will be injected into the Pod, with an IP address assigned by the Endpoint providing the Network Service, and optional routes indicating which IPs should be routed from the Pod to the Network Service.
In order to avoid IP collisions, NSM prevents the use of IP addresses or routes from Prefixes in use in the cluster.
DNS
A Network Service may optionally provide DNS service for that Network Service. The DNS provided by a Network Service may be scoped to only to be consulted for certain DNS domains and/or subdomains.
When a Pod does a DNS query, it is fanned out in parallel to
- The Kubernetes Cluster DNS (over the CNI interface in the Pod)
- Any other Network Service to which the Pod is connected that is providing DNS service for that DNS domain.
The first positive DNS response received is the one returned to the Pod.
Table of contents