Kubernetes network service related components
The network service related components of k8s are further divided into the following categories.
- Load Balancer / Ingress: The load balancer (LB) and Ingress form the layer that receives traffic from outside the cluster and forwards it into the cluster. The LB in particular sits "outside the cluster", so it is often deployed separately from k8s. Alternatively, the Ingress component may itself act as the LB.
- DNS / Service Discovery: Performs name resolution and monitoring of pods and containers inside the cluster. It plays the traffic-control role within the cluster. In k8s, this is usually a combined DNS and service discovery component rather than DNS alone.
- CNI: A component that supports the Container Network Interface (CNI), which tunnels communication between containers.
- Service mesh: A service mesh is a system that can comprehensively and centrally manage pods and services by combining any of the above.
Below, I will introduce the typical components for each classification.
Load Balancer / Ingress
More about cloud service K8s
As noted above, the LB is the connection point between the outside and the inside of the cluster. For k8s offered as a cloud service, where each company's own infrastructure network is connected to the cluster, LB / Ingress is provided as a dedicated component or service. The help pages of the three representative companies are listed below.
Use a Public Load Balancer - Azure Kubernetes Service
The Azure Load Balancer is on L4 of the Open Systems Interconnection (OSI) model that supports both inbound and…
Network load balancing on Amazon EKS
When you create a Kubernetes Service of type LoadBalancer, an AWS Network Load Balancer (NLB) is provisioned that load…
GKE Ingress for HTTP(S) Load Balancing
This page provides a general overview of how Ingress for HTTP(S) Load Balancing works. Google Kubernetes Engine (GKE)…
The LB is the service endpoint on the outermost edge of the cluster, so it is unavoidable that its configuration differs from one cloud company to another. This can cause unexpected problems when operating k8s, so be careful. Because cloud services handle the Service and LB configuration in fine detail, the pod configuration may end up making migration to another cloud impossible.
The article linked below offers a good load balancer comparison, covering MetalLB, PureLB, and Porter. Porter is a new project added to CNCF in the summer of 2020, so I have high expectations for the future.
Comparing k8s Load Balancers
The three open source load balancers that can be used with any k8s distribution
There are two standard Kubernetes Ingress controllers, GCE and nginx. There are quite a few additional Ingress controllers. The list on the official website is reproduced below.
In order for the Ingress resource to work, the cluster must have an ingress controller running. Unlike other types of…
That is how many Ingress controllers there are. Most are L4 / L7 LBs and reverse proxies, so they vary widely. One way to choose is by how comfortable you are with the layout of each product's help pages; some products already have help that is hard to read. Personally, I use Nginx, and sometimes Traefik, although setting up Nginx is much simpler than Traefik.
DNS / Service Discovery / Service Mesh
As an OSS project for DNS / service discovery alone, CoreDNS may be the current choice. More often, though, service discovery and service meshes are developed together in a single project. That is why I introduce service mesh OSS here.
A service mesh for observability, security in depth, and management that speeds deployment cycles.
Consul by HashiCorp
Private datacenters with static IPs, primarily north-south traffic, protected by perimeter security and coarse-grained…
The world's lightest, fastest service mesh.
Linkerd adds critical security, observability, and reliability to your Kubernetes stack, without any code changes.
Container Network Interface (CNI)
CNI itself is also a project under the CNCF.
CNI (Container Network Interface), a Cloud Native Computing Foundation project, consists of a specification and…
I think it’s also worth taking a look at:
Cilium - Linux Native, API-Aware Networking and Security for Containers
Traditional firewalls limit their inspection to the IP and TCP layers. Cilium uses eBPF to accelerate getting data in…
Flannel is a simple and easy way to configure a layer 3 network fabric designed for Kubernetes. Flannel runs a small…
Contiv-VPP is a CNI plugin for Kubernetes that employs a programmable CNF vSwitch based on FD.io VPP offering…
- Tungsten Fabric