Network Service in Kubernetes

Photo by Alina Grubnyak on Unsplash

Kubernetes network service related components

The network service related components of k8s are further divided into the following categories.

• Load Balancer / Ingress: Load balancer (LB), Ingress is a layer that receives communication from outside the cluster and transfers it into the cluster. In particular, LB is “outside the cluster”, so it is often placed separately from K8s. Or the component of Ingress may also be the LB.
• DNS / Service Discovery: Performs name resolution and monitoring of pods and containers inside the cluster . It is a traffic control role in the cluster. In k8s, it’s usually a component of DNS and service discovery rather than DNS alone.
• CNI: A component that supports the Container Network Interface (CNI), which tunnels communication between containers.
  Service mesh: A service mesh is a system that can comprehensively and centrally manage pods and services by combining any of the above.

Below, I will introduce the typical components for each classification.

Load Balancer / Ingress

More about cloud service K8s

First of all, as I wrote above, LB is a connection point between the outside and the inside of the cluster, so in the case of the k8s service provided as a cloud service, each company’s own infrastructure network and cluster are connected. LB / Ingress is provided as a dedicated component or service. The help pages of the three representative companies are listed below.

Use a Public Load Balancer - Azure Kubernetes Service

Network load balancing on Amazon EKS

GKE Ingress for HTTP(S) Load Balancing

It is unavoidable that the setting of LB, which is the endpoint of the service on the outermost side of the cluster, is erratic depending on the cloud company, but it will be a problem unexpectedly when operating k8s, so be careful. Since the cloud service makes the service and LB configuration fine, the pod configuration may make it impossible to migrate the cloud at all.

Load Balancer

In link below there is good Load Balancer comparison, this article compares MetalLB , PureLB , and Porter. Porter is a new project added to CNCF in the summer of 2020, so I have high expectations for the future.

Comparing k8s Load Balancers

Ingress

There are two standard Kubernetes Ingress controllers, GCE and nginx . There are quite a few additional Ingress controllers. The list is reprinted below on the official website.

Ingress Controllers

This is the amount of Ingress controller. .. It’s mostly L4 / L7 LB and reverse proxy, so it’s various. You should decide how familiar you are with the menu on the help page of the product . The products whose help is hard to see are already there. However, I personally I use Nginx, and sometimes Traefik, although setting up Nginx is much simpler than Traefik.

DNS / Service Discovery / Service Mesh

As an OSS project for DNS / service discovery alone, CoreDNS may be the current choice. Rather, service discovery and service meshes are usually developed together in a project. That’s why I will introduce OSS of service mesh here

Istio

Consul by HashiCorp

The world's lightest, fastest service mesh.

Envoy Proxy - Home

Container Network Interface (CNI)

CNI itself is also a project under the CNCF

containernetworking/cni

I think it’s also worth taking a look at:

• Cilium

Cilium - Linux Native, API-Aware Networking and Security for Containers

• Calico

Kubernetes

• Flannel

flannel-io/flannel

• Contiv

contiv/vpp

• Tungsten Fabric

Home - Tungsten Fabric