chapter five

5 CNIs and providing the Pod with a network

 

This chapter covers

  • Defining the Kubernetes "SDN" in terms of the kube-proxy and CNI
  • Connecting traditional SDN Linux tools and CNI plugins
  • Using open technologies to govern the way CNIs operate
  • Exploring the Calico and Antrea CNI providers

As a reminder, software-defined networks (SDNs) have traditionally managed load balancing, isolation, and security of virtual machines in the cloud, as well as in many on-premises data centers. They are often a convenience that eases the burden on system administrators who need to reconfigure large data center networks every week, or maybe every day, when new VMs are created or destroyed.

Fast-forwarding to the age of containers, the concept of an SDN takes on a whole new meaning: your network is changing constantly (every second, in a large K8s cluster), so it must, by definition, be entirely automated by software. The Kubernetes network is entirely software-defined and constantly in flux, due to the ephemeral and dynamic nature of Kubernetes pod and service endpoints.

5.1 Why we need software-defined networks in Kubernetes

5.2 The kube-proxy implements the Service side of the Kubernetes SDN

5.2.1 The kube-proxy’s data plane

5.2.2 What about NodePorts?

5.3 CNI Providers

5.4 Diving into two CNI networking plugins: Calico and Antrea

5.4.1 The architecture of a CNI plugin

5.4.2 Let’s play with some CNIs!

5.4.3 Installing the Calico CNI provider

5.4.4 Kubernetes networking with Open vSwitch: Antrea

5.4.5 A note on CNI providers and kube-proxy on different operating systems

5.5 Summary