Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Kubernetes CNI vs Kube-proxy

Tags:

I'm not sure what the difference is between the CNI plugin and the Kube-proxy in Kubernetes. From what I get out of the documentation I conclude the following:

Kube-proxy is responsible for communicating with the master node and routing.

CNI provides connectivity by assigning IP addresses to pods and services, and reachability through its routing deamon.

the routing seems to be an overlapping function between the two, is that true?

Kind regards, Charles

like image 705
Charles Van Damme Avatar asked Nov 29 '18 08:11

Charles Van Damme


People also ask

What is the difference between kube-proxy and CNI?

Kube-proxy is responsible for communicating with the master node and routing. CNI provides connectivity by assigning IP addresses to pods and services, and reachability through its routing deamon.

What is kube-proxy?

kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.

What is a Kubernetes CNI?

Container Network Interface (CNI) is a framework for dynamically configuring networking resources. It uses a group of libraries and specifications written in Go. The plugin specification defines an interface for configuring the network, provisioning IP addresses, and maintaining connectivity with multiple hosts.

Does Calico need kube-proxy?

For Calico, eBPF provided the tools to hasten data traffic while reducing the networking complexity of high-end Kubernetes deployments. Use of this data plane eliminates the need for kube-proxy, Kubernetes' built-in network proxy that handles load balancing through iptables.


1 Answers

OVERLAY NETWORK

Kubernetes assumes that every pod has an IP address and that you can communicate with services inside that pod by using that IP address. When I say “overlay network” this is what I mean (“the system that lets you refer to a pod by its IP address”).

All other Kubernetes networking stuff relies on the overlay networking working correctly.

There are a lot of overlay network backends (calico, flannel, weave) and the landscape is pretty confusing. But as far as I’m concerned an overlay network has 2 responsibilities:

  1. Make sure your pods can send network requests outside your cluster
  2. Keep a stable mapping of nodes to subnets and keep every node in your cluster updated with that mapping. Do the right thing when nodes are added & removed.

KUBE-PROXY

Just to understand kube-proxy, Here’s how Kubernetes services work! A service is a collection of pods, which each have their own IP address (like 10.1.0.3, 10.2.3.5, 10.3.5.6)

  1. Every Kubernetes service gets an IP address (like 10.23.1.2)
  2. kube-dns resolves Kubernetes service DNS names to IP addresses (so my-svc.my-namespace.svc.cluster.local might map to 10.23.1.2)
  3. kube-proxy sets up iptables rules in order to do random load balancing between them.

So when you make a request to my-svc.my-namespace.svc.cluster.local, it resolves to 10.23.1.2, and then iptables rules on your local host (generated by kube-proxy) redirect it to one of 10.1.0.3 or 10.2.3.5 or 10.3.5.6 at random.

In short, overlay networks define the underlying network which can be used for communicating the various component of kubernetes. While kube-proxy is a tool to generate the IP tables magic which let you connect to any of the pod(using servics) in kubernetes no matter on which node that pod exist.

Parts of this answer were taken from this blog:

https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/

Hope this gives you brief idea about kubernetes networking.

like image 88
Prafull Ladha Avatar answered Sep 18 '22 21:09

Prafull Ladha