0

Can someone please explain how POD to POD works in AKS? from the docs, I can see it uses kube proxy component to send the traffic to the desired POD.

But I have been told that I must use clusterIP service and bind all the relevant POD's together. So what is real flow? Or I missed something. below a couple of questions to be more clear.

Questions:

  1. how POD to POD inside one node can talk to each other? what is the flow?
  2. how POD to POD inside a cluster (different nodes) can talk to each other? what is the flow?
  3. if it's possible it will be highly appreciated if you can describe the flows for #1 and #2 in the deployment of kubenet and CNI.

Thanks a lot!

Improve this question
2

1 Answer 1

Reset to default
2

for pod to pod communication we use services. so first we need to understand,

why we need service: what actually do service for us that, they resolve the dns name and give us the the exact ip that we need to connect a specific pod. now as you want to communicate with pod to pod you need to create a ClusterIP service.

ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType. with ClusterIP service you can't access a pod from outside the cluster for this reason we use clusterip service if we want the communication between pod to pod only.

kube-proxy is the network proxy that runs on each node in your cluster.

it maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster. every service maintain iptables.And kube-proxy handled these ip tables for every service. so yes, kube-proxy is the most vital point for network setup in our k8s cluster.

how the network policy works in kubernetes:

  • all Pods can communicate with all other Pods without using network address translation (NAT).
  • all Nodes can communicate with all Pods without NAT.
  • the IP that a Pod sees itself as is the same IP that others see it as.

with those point:

  • Container-to-Container networking
  • Pod-to-Pod networking
  • Pod-to-Service networking
  • Internet-to-Service networking

It handles transmission of packets between pod to pods, and also with the outside world. It acts like a network proxy and load balancer for pods running on the node by implementing load-balancing using NAT in iptables.

The kube-proxy process stands in between the Kubernetes network and the pods that are running on that particular node. It is responsible for ensuring that communication is maintained efficiently across all elements of the cluster. When a user creates a Kubernetes service object, the kube-proxy instance is responsible to translate that object into meaningful rules in the local iptables rule set on the worker node. iptables is used to translate the virtual IP assigned to the service object to all of the pod IPs mapped by the service. i hope it's clear your idea about kube proxy.

lets see a example how it's works. here i used headless service so that i can connect a specific pod.

---
apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: default
spec:
  clusterIP: None
  selector:
    app: my-test
  ports:
  - port: 80
    name: rest
---

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: my-sts
spec:
  serviceName:  my-service
  replicas: 3
  selector:
    matchLabels:
      app: my-test
  template:
    metadata:
      labels:
        app: my-test
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
              name: web

---

this will create 3 pods. as : my-sts-0, my-sts-1, my-sts-2. now if we want to connect to the pod my-sts-0 just use this dns name my-sts-0.my-service.default.svc:80 . and the service will resolve the dns name and will provide the exact podip of my-sts-0. now if you need to comminucate from my-sts-1 to my-sts-0, you can just use this dns name.

The template is like my_pod_name.my_Service_Name.my_Namespace.svc.cluster-domain.example , but you can skip the cluster-domain.example part. Only Service_Name.Namespace.svc will work fine.

ref

Improve this answer
6
  • Thanks for the elaboration that makes sense. but does kube proxy relevant here? do you know the flow in kubenet versus CNI? in Azure?
    – Eldos
    Commented Jan 23, 2021 at 15:37
  • @Elso i have updated my ans. can you please check again?
    – Emon46
    Commented Jan 23, 2021 at 16:42
  • Thanks @H.R Emon, so this is the final result which I've gathered. such as bridge CIDR that traffic is going through that acts as a switch (layer 2) and also IP forwarding. Also, if the POD A wants to talk to POD B in different nodes so NAT will take place if the plugin is configured as kubnet (PODS get logical CIDR) and will NAT the logical IP of the POD to NIC of the NODE and the component that is responsible for that acion is the kube-proxy. Let me know if you think something is not accurate.
    – Eldos
    Commented Jan 24, 2021 at 7:51
  • forgot the add the cluster IP service that is responsible for POD to POD communication.
    – Eldos
    Commented Jan 24, 2021 at 7:59
  • 1
    Thank you H.R. Emon
    – Eldos
    Commented Jan 25, 2021 at 10:04

Not the answer you're looking for? Browse other questions tagged or ask your own question.