Kubernetes Networking¶
Overview¶
This guide covers networking concepts in Kubernetes, including services, ingress controllers, network policies, and DNS configuration.
Prerequisites¶
- Basic understanding of Kubernetes concepts
- Knowledge of networking principles
- Familiarity with load balancing
- Understanding of DNS
Learning Objectives¶
- Understand Kubernetes networking
- Learn service types
- Master ingress configuration
- Implement network policies
- Configure DNS
Table of Contents¶
Services¶
ClusterIP Service¶
apiVersion: v1
kind: Service
metadata:
name: backend-service
spec:
type: ClusterIP
selector:
app: backend
ports:
- protocol: TCP
port: 80
targetPort: 8080
NodePort Service¶
apiVersion: v1
kind: Service
metadata:
name: frontend-service
spec:
type: NodePort
selector:
app: frontend
ports:
- protocol: TCP
port: 80
targetPort: 3000
nodePort: 30080
LoadBalancer Service¶
apiVersion: v1
kind: Service
metadata:
name: web-service
spec:
type: LoadBalancer
selector:
app: web
ports:
- protocol: TCP
port: 80
targetPort: 8080
Ingress¶
Basic Ingress¶
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
TLS Ingress¶
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tls-ingress
spec:
tls:
- hosts:
- secure.example.com
secretName: tls-secret
rules:
- host: secure.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: secure-service
port:
number: 443
Path-based Routing¶
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: path-ingress
spec:
rules:
- host: api.example.com
http:
paths:
- path: /v1
pathType: Prefix
backend:
service:
name: api-v1-service
port:
number: 80
- path: /v2
pathType: Prefix
backend:
service:
name: api-v2-service
port:
number: 80
Network Policies¶
Default Deny Policy¶
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
Allow Specific Traffic¶
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: api-network-policy
spec:
podSelector:
matchLabels:
app: api
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: frontend
ports:
- protocol: TCP
port: 8080
egress:
- to:
- podSelector:
matchLabels:
app: database
ports:
- protocol: TCP
port: 5432
DNS Configuration¶
CoreDNS ConfigMap¶
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
Custom DNS Entry¶
apiVersion: v1
kind: Service
metadata:
name: custom-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: custom.example.com
spec:
type: ExternalName
externalName: service.namespace.svc.cluster.local
Load Balancing¶
External Load Balancer¶
apiVersion: v1
kind: Service
metadata:
name: external-lb
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
type: LoadBalancer
selector:
app: web
ports:
- protocol: TCP
port: 80
targetPort: 8080
Internal Load Balancer¶
apiVersion: v1
kind: Service
metadata:
name: internal-lb
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
spec:
type: LoadBalancer
selector:
app: internal-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
Best Practices¶
- Use appropriate service types
- Implement ingress controllers
- Configure network policies
- Optimize DNS settings
- Use load balancing effectively
- Monitor network performance
- Implement security measures
Common Pitfalls¶
- Incorrect service configuration
- Missing network policies
- DNS resolution issues
- Load balancer misconfiguration
- Poor ingress routing
- Network performance issues
Implementation Examples¶
Complete Networking Stack¶
apiVersion: v1
kind: Service
metadata:
name: web-service
spec:
type: ClusterIP
selector:
app: web
ports:
- protocol: TCP
port: 80
targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: web-network-policy
spec:
podSelector:
matchLabels:
app: web
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
name: frontend
ports:
- protocol: TCP
port: 80
egress:
- to:
- namespaceSelector:
matchLabels:
name: backend
ports:
- protocol: TCP
port: 8080
Service Mesh Configuration¶
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: web-vs
spec:
hosts:
- "example.com"
gateways:
- web-gateway
http:
- match:
- uri:
prefix: /v1
route:
- destination:
host: web-service-v1
port:
number: 80
- match:
- uri:
prefix: /v2
route:
- destination:
host: web-service-v2
port:
number: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: web-dr
spec:
host: web-service
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
Resources for Further Learning¶
Practice Exercises¶
- Configure different service types
- Set up ingress controllers
- Implement network policies
- Configure DNS settings
- Set up load balancing