kubernetes networking
play

Kubernetes networking with Calico Hemanth Nakkina, Solution - PowerPoint PPT Presentation

Aug 27, 2022 •818 likes •928 views

Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh, Director, AT&T Uday T Kumar, Solution Architect, Ericsson There is no such thing as Container Networking Kelsey Hightower,

  1. Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh, Director, AT&T Uday T Kumar, Solution Architect, Ericsson

  2. “ There is no such thing as Container Networking “ — Kelsey Hightower, Google Dev Evangelist. Title of his talk. Source: devopsnetworkingforum2016.sched.com

  3. Networking for Containers C — CNI (Container Network Interface): Specification that Sample CNI configuration { act as interface between Container runtime and "name": "k8s-pod-network", "cniVersion": "0.3.0", networking model implementations "plugins": [ { "type": "calico", "etcd_endpoints": "http://10.96.232.136:6666", Container Runtime "log_level": "info", "mtu": 1500, "ipam": { "type": "calico-ipam" }, Container Network Interface "policy": { "type": "k8s", "k8s_api_root": "https://10.96.0.1:443", "k8s_auth_token": "<auth token>" Calico Weave Romana Cilium }, "kubernetes": { "kubeconfig": "/etc/cni/net.d/calico-kubeconfig" } Basic Network requirements }, { — IPAM and lifecycle management of network devices "type": "portmap", "snat": true, "capabilities": {"portMappings": true} — Connectivity in Container network } ] — Route advertisement }

  4. Calico Architecture Orchestrator Designed to simplify, scale and secure cloud networks by Orchestrator plugin — Layer 3 based routing approach — BGP for Routes distribution — Policy driven network security implemented ETCD Database by iptable rules Components calico Felix BGP — Felix ctl client — Orchestrator plugin — Etcd Linux Kernel — BGP Client iptables routing — BGP Route reflector

  5. Calico – Deployment on k8s Helm chart - https://github.com/openstack/openstack-helm-infra/tree/master/calico Configuration updates

  6. Calico – How it works Controller C-Controller API server nginx proxy Scheduler ETCD C-ETCD busybox BGP Peer proxy Calico node Calico node Kube-dns dockerd kubelet kubelet dockerd Cali xxx Cali xxx Cali xxx Kernel Kernel Routng iptables iptables Routing enp0s8 enp0s3 enp0s3 enp0s8 10.0.2.6 192.168.81.101 10.0.2.7 192.168.81.102 default via 10.0.2.1 dev enp0s3 default via 10.0.2.1 dev enp0s3 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.6 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.7 192.168.81.0/24 dev enp0s8 proto kernel scope link src 192.168.81.101 192.168.81.0/24 dev enp0s8 proto kernel scope link src 192.168.81.102 blackhole 192.200.59.192/26 proto bird 192.200.59.192/26 via 192.168.81.101 dev tunl0 proto bird onlink 192.200.59.193 dev calidf072d3c423 scope link blackhole 192.200.203.0/26 proto bird 192.200.59.198 dev cali0aa3720a2c7 scope link 192.200.203.4 dev cali7bb4560a7c2 scope link 192.200.203.0/26 via 192.168.81.102 dev tunl0 proto bird onlink

  7. Iptablerules related to services NAT to resolve Service IP to Pod IP

  8. Thanks ! Merci !

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker &amp; Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker &amp; Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker &amp; Kubernetes Enthusiast Speaker at Meetups Email: apurvbhandari@gmail.com LinkedIn: https://www.linkedin.com/in/apurvabhandari-linux GitHub:

2.16k views • 28 slides
Brings OpenStack networking and storage to containers Kubernetes Neutron Networking

Brings OpenStack networking and storage to containers Kubernetes Neutron Networking

Brings OpenStack networking and storage to containers Kubernetes Neutron Networking Native OpenStack infrastructure for mixed workloads spec: podSelector: matchLabels: role: db policyTypes: -

773 views • 8 slides
Rethinking kubernetes networking with SRv6 and Contiv-VPP Abdelsalam, Cisco Systems ; ; Daniel

Rethinking kubernetes networking with SRv6 and Contiv-VPP Abdelsalam, Cisco Systems ; ; Daniel

FOSDEM 20 Rethinking kubernetes networking with SRv6 and Contiv-VPP Abdelsalam, Cisco Systems ; ; Daniel Bernier, Bell Canada ; Ah Ahmed Ab ; Rastislav Szabo, Filip Gs Gschwandtner, , Pantheon.tech ; ; Mi Miroslaw Wa Walukiewicz, ,

817 views • 68 slides
Secure Kubernetes Container Workloads with Production-Grade Networking Cynthia Thomas Irena

Secure Kubernetes Container Workloads with Production-Grade Networking Cynthia Thomas Irena

Secure Kubernetes Container Workloads with Production-Grade Networking Cynthia Thomas Irena Berezovsky Tim Hockin CIA IT operations have top secret apps for their agents, most of which require isolation Antoni is in Ops and wants to help CIA

458 views • 31 slides
Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes Overview 1 Airflows integration with Kubernetes 2 Deployment of Airflow on Kubernetes 3 Kubernetes Pod Operator and its benefits 4 DAG Development

2.79k views • 14 slides
Tales Of The Kubernetes Ingress Networking: Deployment Patterns For External Load Balancers 1

Tales Of The Kubernetes Ingress Networking: Deployment Patterns For External Load Balancers 1

Tales Of The Kubernetes Ingress Networking: Deployment Patterns For External Load Balancers 1 How To Access The Slides? Slides (HTML): https://containous.github.io/slides/webinar-cncf-jan-2020 Slides (PDF):

1.02k views • 49 slides
Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like - Sec-ish - Ops-y Is this Kubernetes cluster secure? EPIC FAIL GIF How secure is Kubernetes? What this Kubernetes talk is about Common Pwns

1.18k views • 113 slides
Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source platform designed to automate deploying , scaling , and operating application containers . Kubernetes v1.0 was released in 2015. It utilizes

916 views • 52 slides
K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi @marcoceppi Ryan Beisner @ryanbeisner Why Kubernetes Computing in the modern age Virtual Process Machines Containers Traditional Container

516 views • 24 slides
From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang Developer Advocate Google Cloud Platform @saturnism | +RayTsang @saturnism @googlecloud #kubernetes Ray Tsang Developer Architect Traveler

1.29k views • 65 slides
Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes &amp; Cloud Native Meetups in Jakarta and Bandung https://www.meetup.com/jakarta-kubernetes/ https://www.meetup.com/Microservice-JKT/ You can find

709 views • 47 slides
Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

@MELANIECEBULA / MARCH 2019 / CON LONDON Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes? @MELANIECEBULA Who am I? A BRIEF HISTORY @MELANIECEBULA Why Microservices? 4000000 3000000 2000000 MONOLITH

1.74k views • 111 slides
Kubernetes APIs Under the Hood @pwittrock Who Am I? Phillip Wittrock (@pwittrock) Software

Kubernetes APIs Under the Hood @pwittrock Who Am I? Phillip Wittrock (@pwittrock) Software

Kubernetes APIs Under the Hood @pwittrock Who Am I? Phillip Wittrock (@pwittrock) Software Engineer at Google working on GKE and OSS Kubernetes My mission is to make using Kubernetes simple and enjoyable You might have come across me

1.12k views • 27 slides
Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes Ceph Storage Operation NVRAMOS 2019 10/28/2019 Cloud Service Model On Premises IaaS CaaS PaaS SaaS Applications Applications

660 views • 36 slides
Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd. Agenda 1.Introduction 2.Accessing the kubernetes API 3.Kubernetes workloads 4.Accessing applications 5.Volumes and persistent storage 2 (c) 2018

1.17k views • 57 slides
OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com)

OpenStack on Kubernetes: Make OpenStack and Kubernetes Fail-Safe Seungkyu Ahn (ahnsk@sk.com) Jaesuk Ahn (jay.ahn@sk.com) Open System Lab Network IT Convergence R&amp;D Center SK Telecom Wil Reichert (wil@solinea.com) Solinea What will

1.26k views • 46 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Rethinking the Linux kernel Thomas Graf Cilium Project, Co-Founder &amp; CTO, Isovalent

Rethinking the Linux kernel Thomas Graf Cilium Project, Co-Founder &amp; CTO, Isovalent

Rethinking the Linux kernel Thomas Graf Cilium Project, Co-Founder &amp; CTO, Isovalent Remember GeoCities? 2 Cameron Askin: Camerons World What enabled this evolution? Programmable Platform Markup Only (HTML) 3 Programmability

467 views • 24 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

632 views • 26 slides
Life on Earth FROM CHEMISTRY TO BIOLOGY You re all atoms, in Earthly proportions. By number

Life on Earth FROM CHEMISTRY TO BIOLOGY You re all atoms, in Earthly proportions. By number

Life on Earth FROM CHEMISTRY TO BIOLOGY You re all atoms, in Earthly proportions. By number of atoms: H 55% O 28% C 10% N 5% Water is Special Three-quarters of the Earth s surface is submerged in water The abundance of

453 views • 29 slides
KO UNIVERSITY the perfect partner for R&amp;D http://www.ku.edu.tr ABOUT KO UNIVERSITY

KO UNIVERSITY the perfect partner for R&amp;D http://www.ku.edu.tr ABOUT KO UNIVERSITY

KO UNIVERSITY the perfect partner for R&amp;D http://www.ku.edu.tr ABOUT KO UNIVERSITY Established by Vehbi Ko Foundation in 1993 as a non- profit private university in stanbul, Ko University continually strives to: Be a center of

832 views • 13 slides
10 th Annual General Meeting 15 July 2020 IMPORTANT NOTICE This presentation shall be read in

10 th Annual General Meeting 15 July 2020 IMPORTANT NOTICE This presentation shall be read in

10 th Annual General Meeting 15 July 2020 IMPORTANT NOTICE This presentation shall be read in conjunction with Mapletree Industrial Trusts (MIT) financial statements for the financial year ended 31 March 2020. This presentation is for

436 views • 33 slides

More recommend