Networking is always an interesting service in any Kubernetes environment. Luckily, it is no more complicated here than in other Kubernetes environments, and a VPC-aware CNI driver is already installed. Keeping that service up to date, however, is currently still a manual process.
- [Instructor] In most Kubernetes environments, networking is actually a fairly complex subject, apart from the fact that Kubernetes itself has a very simple networking model. In this module we're going to look at our networking file here, more networking, and all we're going to try to do is look at how the pod can actually interact with the underlying host environment. Specifically, in the EKS environment we're using the VPC-CNI project, so CNI is the Container Networking Initiative; it's part of the Cloud Native Compute Foundation space.
And AWS has integrated their VPC model, which provides the IP address management, into that CNI model, and that's great because now not only do the individual hosts, the physical, well, virtual machines that all of our resources run on top of, get IP addresses, but so do all the pods, and all from the same class of resource. And that means that everything is potentially reachable. It also simplifies a lot of the debugging that might otherwise be embedded inside of tunnels, or harder to get at and harder to understand.
So in our little example here we're going to first just launch an Alpine Linux image inside of a deployment, so we're going to use the kubectl command to do that. So I'm going to grab this one here, and this is kubectl run, and run will actually create a deployment for us. This is being deprecated, but it's still a simple, functional way of getting a pod up and running. So now we have our deployment created, and if we run kubectl get pods we should see that it's up and running. Great.
So now that it's up and running we can do the next two steps. One is that we're going to first, in sort of a double-stage request, find that pod and find that pod's name, and then we're going to get the list of IP addresses from that pod. So we're going to just look at the YAML document output and look for the IP parameter within that, so that we can just get the IP addresses, and that'll get the pod address and the host address. So we can run this command, copy this, paste it, and in the end we set IPs, and if we echo $IPs then we'll see we have two IP addresses to work with.
Then the last command that we're going to run is going to exec into the Alpine container, which is, the command is here. It's a for loop, and what I'm going to do is run traceroute from inside of the container against, first, its external container address, which is fast, and then it's going to also hit the host address, the underlying virtual machine host address. Normally this wouldn't work, but in EKS, because I am using the VPC networking model, I can get directly to that underlying resource as well. And so here we see first an IP address.
This is the IP address of the pod itself that's being pinged and getting a response via traceroute, and then we can also see the IP address of the underlying resource itself, the Alpine container. Rather, the underlying host itself is also reachable in this exact same way.
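The three steps the instructor walks through, as a runnable script added here as an example rather than code from the course: it assumes a deployment named alpine (created with kubectl create deployment, since current kubectl no longer creates a deployment from kubectl run), a kubectl context already pointing at the EKS cluster, and a constructed pod YAML sample so the IP extraction can be checked without a cluster.

```shell
# Added example, not the course's own code. Reproduces the instructor's steps:
# create a deployment, find its pod, pull podIP/hostIP from the pod YAML, then
# traceroute both addresses from inside the container.
set -eu
DEPLOYMENT="${DEPLOYMENT:-alpine}"   # assumed name; not from the course

# Step 1: create the deployment. The course uses 'kubectl run'; current
# kubectl only creates a bare Pod with run, so use 'create deployment'.
create_deployment() {
  kubectl create deployment "$DEPLOYMENT" --image=alpine -- sleep 3600
  kubectl rollout status "deployment/$DEPLOYMENT"
}

# Step 2a: find the pod name via the app= label that create deployment sets.
pod_name() {
  kubectl get pods -l "app=$DEPLOYMENT" -o jsonpath='{.items[0].metadata.name}'
}

# Step 2b: read 'kubectl get pod <name> -o yaml' on stdin, print "<podIP> <hostIP>".
# Matches only the scalar podIP:/hostIP: fields, not the podIPs: list.
extract_ips() {
  awk '/^  podIP:/ {pod=$2} /^  hostIP:/ {host=$2} END {print pod, host}'
}

# Step 3: traceroute each address from inside the container (busybox -n: no DNS).
# On EKS with the VPC CNI both the pod and the host address answer.
trace_from_pod() {
  pod="$1"; shift
  for ip in "$@"; do
    echo "== traceroute to $ip from $pod"
    kubectl exec "$pod" -- traceroute -n "$ip"
  done
}

# Constructed sample of the relevant part of a pod's YAML, used for an offline
# check of extract_ips; the addresses are made up.
SAMPLE_POD_YAML='apiVersion: v1
kind: Pod
status:
  hostIP: 10.0.1.20
  podIP: 10.0.1.87
  podIPs:
  - ip: 10.0.1.87'

# Live run against the cluster only when invoked as: sh script.sh live
if [ "${1:-}" = "live" ]; then
  create_deployment
  pod=$(pod_name)
  ips=$(kubectl get pod "$pod" -o yaml | extract_ips)
  trace_from_pod "$pod" $ips   # unquoted on purpose: splits into the two addresses
fi
```

Run with `sh script.sh live` against the cluster; without the argument it only defines the functions and the sample.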