I'm not sure what the difference is between the CNI plugin and the Kube-proxy in Kubernetes. From what I get out of the documentation I conclude the following:
Kube-proxy is responsible for communicating with the master node and routing.
CNI provides connectivity by assigning IP addresses to pods and services, and reachability through its routing daemon.
The routing seems to be an overlapping function between the two, is that true?
Kind regards, Charles
Kube-proxy is responsible for communicating with the master node and routing. CNI provides connectivity by assigning IP addresses to pods and services, and reachability through its routing daemon.
kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.
Container Network Interface (CNI) is a framework for dynamically configuring networking resources. It uses a group of libraries and specifications written in Go. The plugin specification defines an interface for configuring the network, provisioning IP addresses, and maintaining connectivity with multiple hosts.
For Calico, eBPF provided the tools to hasten data traffic while reducing the networking complexity of high-end Kubernetes deployments. Use of this data plane eliminates the need for kube-proxy, Kubernetes' built-in network proxy that handles load balancing through iptables.
OVERLAY NETWORK
Kubernetes assumes that every pod has an IP address and that you can communicate with services inside that pod by using that IP address. When I say “overlay network” this is what I mean (“the system that lets you refer to a pod by its IP address”).
All other Kubernetes networking stuff relies on the overlay networking working correctly.
There are a lot of overlay network backends (calico, flannel, weave) and the landscape is pretty confusing. But as far as I’m concerned an overlay network has 2 responsibilities:
KUBE-PROXY
Just to understand kube-proxy, here's how Kubernetes services work! A service is a collection of pods, which each have their own IP address (like 10.1.0.3, 10.2.3.5, 10.3.5.6).
So when you make a request to my-svc.my-namespace.svc.cluster.local, it resolves to 10.23.1.2, and then iptables rules on your local host (generated by kube-proxy) redirect it to one of 10.1.0.3 or 10.2.3.5 or 10.3.5.6 at random.
In short, overlay networks define the underlying network which can be used for communication between the various components of Kubernetes, while kube-proxy is a tool to generate the iptables magic which lets you connect to any of the pods (using services) in Kubernetes, no matter on which node that pod exists.
Parts of this answer were taken from this blog:
https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/
Hope this gives you a brief idea about Kubernetes networking.
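The redirect described in the answer above, as an added example that is not part of the original answer or the blog it cites: it walks kube-proxy's NAT rules (iptables mode assumed) from a service IP to the pod endpoints and computes each endpoint's share of new connections. The `iptables-save` excerpt is constructed and the chain suffixes are placeholders.

```python
import re
from collections import defaultdict

# Constructed iptables-save excerpt; real kube-proxy chain names end in a hash.
SAMPLE = """\
-A KUBE-SERVICES -d 10.23.1.2/32 -p tcp -m comment --comment "my-namespace/my-svc cluster IP" -m tcp --dport 80 -j KUBE-SVC-EXAMPLE
-A KUBE-SVC-EXAMPLE -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-A
-A KUBE-SVC-EXAMPLE -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-B
-A KUBE-SVC-EXAMPLE -j KUBE-SEP-C
-A KUBE-SEP-A -p tcp -m tcp -j DNAT --to-destination 10.1.0.3:80
-A KUBE-SEP-B -p tcp -m tcp -j DNAT --to-destination 10.2.3.5:80
-A KUBE-SEP-C -p tcp -m tcp -j DNAT --to-destination 10.3.5.6:80
"""

def parse_rules(text):
    """Group rules by chain, keeping only the fields this walk needs."""
    chains = defaultdict(list)
    for m in re.finditer(r"^-A (\S+) (.*)$", text, re.M):
        chain, rest = m.groups()
        def field(pattern):
            hit = re.search(pattern, rest)
            return hit.group(1) if hit else None
        chains[chain].append({
            "dst": field(r"-d (\S+?)/32"),
            "prob": field(r"--probability (\S+)"),
            "jump": field(r"-j (\S+)"),
            "dnat": field(r"--to-destination (\S+)"),
        })
    return chains

def service_backends(text, cluster_ip):
    """Map each pod endpoint behind cluster_ip to its share of new connections."""
    chains = parse_rules(text)
    shares = {}
    for svc in chains["KUBE-SERVICES"]:
        if svc["dst"] != cluster_ip:
            continue
        remaining = 1.0  # fraction of connections that reach the current rule
        for rule in chains[svc["jump"]]:
            if not (rule["jump"] or "").startswith("KUBE-SEP-"):
                continue  # e.g. masquerade-mark rules, not an endpoint
            p = float(rule["prob"]) if rule["prob"] else 1.0
            for sep in chains[rule["jump"]]:
                if sep["dnat"]:
                    shares[sep["dnat"]] = round(remaining * p, 4)
            remaining *= 1.0 - p
    return shares
```

The descending match probabilities (1/3, then 1/2, then unconditional) are evaluated in order, which is why every endpoint ends up with an equal share.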