awesome-kubernetes/docs/kubernetes-networking.md

Kubernetes Networking

• Introduction
• Gateway API
• Multicloud communication for Kubernetes
• Kubernetes Network Policy
  • Cilium
• Kubernetes Ingress Specification
• Xposer Kubernetes Controller To Manage Ingresses
• Software-Defined IP Address Management (IPAM)
• CNI Container Networking Interface
  • List of existing CNI Plugins (IPAM)
  • Project Calico
• DNS Service with CoreDNS
• Kubernetes Node Local DNS Cache
• Kubernetes Sidecars

Introduction

• kubernetes.io: The Kubernetes network model. How to implement the Kubernetes networking model
• ovh.com - getting external traffic into kubernetes: clusterip, nodeport, loadbalancer and ingress
• stackrox.com: Kubernetes Networking Demystified: A Brief Guide
• medium.com: Fighting Service Latency in Microservices With Kubernetes
• medium.com: Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what? 🌟
• blog.alexellis.io: Get a LoadBalancer for your private Kubernetes cluster
• dustinspecker.com: How Do Kubernetes and Docker Create IP Addresses?!
• youtube: Kubernetes Ingress Explained Completely For Beginners
• AWS and Kubernetes Networking Options and Trade-Offs (part 1)
• AWS and Kubernetes Networking Options and Trade-Offs (part 2)
• AWS and Kubernetes Networking Options and Trade-Offs (part 3)
• medium: Service Types in Kubernetes? 🌟 A Service enables network access to a set of Pods in Kubernetes.
• containo.us: Kubernetes Ingress & Service API Demystified
• speakerdeck.com: Kubernetes and networks. Why is this so dan hard? 🌟
• opensource.com: Why I use Ingress Controllers to expose Kubernetes services Kubernetes ingress controllers will make or break your cloud architecture.
• blog.nody.cc: Verify your Kubernetes Cluster Network Policies: From Faith to Proof
• infoq.com: Kubernetes Ingress Is Now Generally Available
• Learnk8s: Comparison of Kubernetes Ingress Controllers 🌟🌟 How do you choose the right Kubernetes Ingress controller when: Not all Ingress controllers support UDP, Only Kong has a free LDAP integration, Nginx Ingress and HAProxy are the only two ingress without CRDs.
• blog.alexellis.io: Get kubectl access to your private cluster from anywhere
• jmrobles.medium.com: How to setup Hetzner load balancer on a Kubernetes cluster
• kubernetes.io: Scaling Kubernetes Networking With EndpointSlices EndpointSlices are a new Kubernetes API that provides a scalable and extensible alternative to the Endpoints API.
• haproxy.com: Announcing HAProxy Kubernetes Ingress Controller 1.5 🌟
• devclass.com: HAProxy Ingress Controller 1.5 introduces mTLS support, gives load balancing experts more power
• thenewstack.io: HAProxy Kubernetes Ingress Controller Moves Outside the Cluster
• suse.com: NGINX Guest Blog: NGINX Kubernetes Ingress Controller 🌟
• dustinspecker.com: iptables: How Kubernetes Services Direct Traffic to Pods In this article you will learn how Kubernetes's kube-proxy uses iptables to direct traffic to pods randomly. You'll focus on the ClusterIP type of Kubernetes services.
• blog.cloudflare.com: Moving k8s communication to gRPC
• tech2fun.net: K8s Nginx Ingress Handling TLS Traffic and Using Pod Readiness Probes
• K8GB - Kubernetes Global Balancer - openshift.com: K8GB - Kubernetes Global Balancer
• altoros.com: Kubernetes Networking: How to Write Your Own CNI Plug-in with Bash
• Network Node Manager network-node-manager is a kubernetes controller that controls the network configuration of a node to resolve network issues of kubernetes. By simply deploying and configuring network-node-manager, you can solve kubernetes network issues that cannot be resolved by kubernetes or resolved by the higher kubernetes Version. Below is a list of kubernetes's issues to be resolved by network-node-manager. network-node-manager is based on kubebuilder v2.3.1.
• getenroute.io: Drive API Security At Kubernetes Ingress Using Helm And Envoy 🌟
• ithands-on.com: Kubernetes 101 : External services - ExternalName, DNS and Endpoints
• ibm.com: Multizone Kubernetes and VPC Load Balancer Setup Securely expose your Kubernetes app by setting up a Load Balancer for VPC in a different zone.
• opensource.googleblog.com: Kubernetes: Efficient Multi-Zone Networking with Topology Aware Routing
• nbailey.ca: Domesticated Kubernetes Networking
• sookocheff.com: A Guide to the Kubernetes Networking Model 🌟
• build.thebeat.co: A curious case of AWS NLB timeouts in Kubernetes A debugging adventure that allowed us to solve the tail latencies our Kubernetes applications were experiencing when talking with our AWS NLB.
• dzone: Multizone Kubernetes and VPC Load Balancer Setup Securely expose your Kubernetes app by setting up a Load Balancer for VPC in a different zone.
• ingressbuilder.jetstack.io 🌟🌟 Ingress Builder allows users to select any annotation from the list of available controllers, to add to the ingress manifest.
• itnext.io: Generating Kubernetes Network Policies Automatically By Sniffing Network Traffic 🌟 This blog post is about an experiment to automate creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster - code
• medium: Using nginx-ingress controller to restrict access by IP (ip whitelisting) for a service deployed to a Kubernetes (AKS) cluster
• openshift.com: gRPC or HTTP/2 Ingress Connectivity in OpenShift 🌟
• inlets.dev: Fixing Ingress for short-lived local Kubernetes clusters
• nginx.com: How to Simplify Kubernetes Ingress and Egress Traffic Management
• blog.teamhephy.info: Running Workflow Without Any LoadBalancer
• blog.alexellis.io: Get a public LoadBalancer for your private Kubernetes cluster 🌟
• searchitoperations.techtarget.com: Differences between Kubernetes Ingress vs. load balancer To manage Kubernetes cluster traffic, admins have a few choices. Compare Kubernetes Ingress vs. load balancers, as well as the NodePort and ClusterIP service types.
• monzo.com: Controlling outbound traffic from Kubernetes
• medium: Access Application Externally In Kubernetes Cluster using Load Balancer Service Learn how to create a Pod and how to create a Load Balancer service using Kubernetes cluster. And access the application from outside.
• itnext.io: Why and How of Kubernetes Ingress (and Networking) 🌟
• techdozo.dev: gRPC load balancing on Kubernetes (using Headless Service)
• thenewstack.io: ZeroLB, a New Decentralized Pattern for Load Balancing
• ungleich.ch: Making kubernetes kube-dns publicly reachable
• ungleich.ch: Building Ingress-less Kubernetes Clusters
• thenewstack.io: Ingress Controllers: The More the Merrier
• blog.teamhephy.info: Learn how to use the Nginx Ingress controller to serve traffic over SSH with TCP load balancing
• levelup.gitconnected.com: Setting up Application Load Balancer (Ingress) for the Pods running in AWS EKS Fargate
• NGINX Ingress Controller - v1.0.0 NGINX Ingress Controller v1.0.0 released today! The biggest change is the support to stable/v1 ingress object, and dropping support to v1beta1.
• devopscube.com: Kubernetes Ingress Tutorial For Beginners
• ystatit.medium.com: How to Change Kubernetes Kube-apiserver IP Address
• monzo.com: Controlling outbound traffic from Kubernetes

Gateway API

• gateway-api.sigs.k8s.io 🌟 Gateway API is an open source project managed by the SIG-NETWORK community. It's is a collection of resources that model service networking in Kubernetes. These resources - GatewayClass,Gateway, HTTPRoute, TCPRoute, Service, etc - aim to evolve Kubernetes service networking through expressive, extensible, and role-oriented interfaces that are implemented by many vendors and have broad industry support.
• kubernetes.io: Evolving Kubernetes networking with the Gateway API
• thenewstack.io: Unifying Kubernetes Service Networking (Again) with the Gateway API 🌟 The Gateway API, formerly known as the Services API and before that Ingress V2, was first discussed in detail — and in-person — at Kubecon 2019 in San Diego. There were already many well-known and well-documented limitations of Ingress and Kubernetes networking APIs. The Gateway API was intended as a redo of these APIs, built on the lessons from Services, Ingress and the service mesh community.

Multicloud communication for Kubernetes

• developers.redhat.com: Use Skupper to connect multiple Kubernetes clusters 🌟 - skupper.io Multicloud communication for Kubernetes. Skupper is a layer 7 service interconnect. It enables secure communication across Kubernetes clusters with no VPNs or special firewall rules. With Skupper, your application can span multiple cloud providers, data centers, and regions.

Kubernetes Network Policy

• howtoforge.com: Network Policy in Kubernetes 🌟 By default, pods accept traffic from any source. A network policy helps to specify how a group of pods can communicate with each other and other network endpoints.
• medium: How to Provision Network Policies in Kubernetes | AWS 🌟
• learncloudnative.com: Kubernetes Network Policy
• bionconsulting.com: Kubernetes Network Policies
  • bionconsulting.com: Kubernetes Network Policies - Part 2
• thenewstack.io: The Kubernetes Network Security Effect 🌟 Kubernetes has a built-in object for managing network security: NetworkPolicy. While it allows the user to define the relationship between pods with ingress and egress policies, it is basic and requires very precise IP mapping of a solution — which changes constantly, so most users I’ve talked to are not using it.
• faun.pub: Control traffic flow to and from Kubernetes pods with Network Policies
• openshift.com: Network Policies: Controlling Cross-Project Communication on OpenShift

Cilium

• cilium.io 🌟 eBPF-based Networking, Observability, and Security
• cilium.io: NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies 🌟
• editor.cilium.io 🌟 Learn how to create Network Policies for Kubernetes using an interactive playground
• buoyant.io: Kubernetes network policies with Cilium and Linkerd
• itnext.io: Installing Cilium on Kubernetes in a fast and efficient way
• cilium.io: CNI Benchmark: Understanding Cilium Network Performance

<script async class="speakerdeck-embed" data-id="9251193501114da199d70b2a679c552f" data-ratio="1.77777777777778" src="//speakerdeck.com/assets/embed.js"></script>

Kubernetes Ingress Specification

• Supporting the Evolving Ingress Specification in Kubernetes 1.18
• medium: Ingress service types in Kubernetes 🌟

Xposer Kubernetes Controller To Manage Ingresses

• Xposer 🌟 A Kubernetes controller to manage (create/update/delete) Kubernetes Ingresses based on the Service
  • Problem: We would like to watch for services running in our cluster; and create Ingresses and generate TLS certificates automatically (optional)
  • Solution: Xposer can watch for all the services running in our cluster; Creates, Updates, Deletes Ingresses and uses certmanager to generate TLS certificates automatically based on some annotations.

Software-Defined IP Address Management (IPAM)

• IP Address Management (IPAM)
• fusionlayer.com: Software-Defined IP Address Management (IPAM)
  • Cloud computing and service automation are changing the way in which applications and data are being delivered and consumed. The existing 30-year-old networking model is failing to keep up with the automated service architectures and the Internet of Things (IoT) based on end-to-end automation.
  • To facilitate the migration to cloud-era computing, service providers and data centers must add networking into the automated service workflows. This requires agility and elasticity that traditional networking products are not designed to provide. As IT environments of tomorrow involve a plethora of orchestrators and controllers spinning up services and applications inside shared networks, they all must be managed and provisioned by a unified solution authoritative for all network-related information.

CNI Container Networking Interface

• Kubernetes.io: Network Plugins
• rancher.com: Container Network Interface (CNI) Providers
• github.com/containernetworking 🌟
  • CNI
• dzone: How to Understand and Set Up Kubernetes Networking 🌟 Take a look at this tutorial that goes through and explains the inner workings of Kubernetes networking, including working with multiple networks.
• medium: Container Networking Interface aka CNI
• itnext.io: Benchmark results of Kubernetes network plugins (CNI) over 10Gbit/s network (Updated: August 2020)

List of existing CNI Plugins (IPAM)

• Kubernetes Networking
• Overlay Network plugins:
  • Flannel
  • Weave-net
• Routed Network Plugins:
  • AWS-VPC
  • kube-router
  • Calico
  • Canal
  • VMware-tanzu Antrea
• IPAM modules:
  • dhcp
  • host-local
• Multi CNI plugins:
  • Damn
  • Multus
  • CNI-Genie

[](https://thenewstack.io/tigera-aims-ease-connectivity-pain-kubernetes/)

Project Calico

• tigera.io
• Project Calico 🌟 Secure networking for the cloud native era
• medium: Calico for Kubernetes networking: the basics & examples
• thenewstack.io: Tigera's Calico Aims to Ease Connectivity Pain with Kubernetes
• projectcalico.org: Advertising Kubernetes Service IPs with Calico and BGP
• mhmxs.blogspot.com: Autoscaling Calico Route Reflector topology in Kubernetes

DNS Service with CoreDNS

• medium: How to Autoscale the DNS Service in a Kubernetes Cluster
• thenewstack.io: Supercharge CoreDNS with Cluster Addons 🌟
• sysdig.com: How to monitor coreDNS 🌟 The most common problems and outages in a Kubernetes cluster come from coreDNS, so learning how to monitor coreDNS is crucial.

Kubernetes Node Local DNS Cache

• NodeLocal DNSCache
• Kubernetes Node Local DNS Cache

Kubernetes Sidecars

• banzaicloud.com: Sidecar container lifecycle changes in Kubernetes 1.18 🌟
• medium: Delaying application start until sidecar is ready Taking advantage of a peculiar Kubernetes implementation detail to block containers from starting before another container starts.