Networking Networking in Kubernetes (KCNA Relevant) Networking is a core component of Kubernetes, enabling communication between Pods, Services, and external resources. Below are the relevant Networking topics for Kubernetes in the context of the KCNA exam: 1. Kubernetes Networking Basics: Pod-to-Pod Communication: Pods can communicate with each other within a Kubernetes cluster using their IP addresses. Kubernetes assigns each Pod a unique IP address, and Pods on different nodes can communicate with each other over the cluster network. Flat Network Model: Kubernetes assumes that every Pod can communicate with every other Pod in the cluster without NAT (Network Address Translation). 2. Services in Kubernetes: ClusterIP (default): Exposes a service on a cluster-internal IP address. This type of service is only accessible within the Kubernetes cluster. NodePort: Exposes a service on a specific port on each Node's IP address. Allows external access to the service through : . LoadBalancer: Provisioned by cloud providers to expose services externally, typically using an external load balancer (e.g., AWS ELB, GCP Load Balancer). ExternalName: Maps a service to an external DNS name, allowing Kubernetes to access external services by their DNS names. 3. DNS (Domain Name System): CoreDNS: Kubernetes uses CoreDNS for service discovery. Each Service gets a DNS entry that can be accessed using its name within the cluster. Service Discovery: Pods can access Services using DNS names (e.g., my-service.my-namespace.svc.cluster.local ). 4. Network Policies: Network Policies: Allows you to control the communication between Pods. You can define rules to allow or block traffic between Pods based on labels, IP blocks, or namespaces. Ingress and Egress Rules: Ingress: Incoming traffic to Pods. Egress: Outgoing traffic from Pods. Pod Security: Control which Pods can communicate with others, enhancing network isolation and security. 5. Ingress and Egress Controllers: Ingress Controller: Manages HTTP/HTTPS traffic into the cluster. It routes traffic based on domain name, paths, or other rules defined in the Ingress resource. Popular Ingress controllers: NGINX Ingress , Traefik , HAProxy . Egress Controllers: Manage outbound traffic from the cluster to external services. Ensures control and security of traffic leaving the cluster. 6. CNI (Container Network Interface): CNI Plugins: Kubernetes uses CNI plugins to manage networking for containers. Popular CNI plugins include Flannel , Calico , Weave , and Cilium . Networking Model: The CNI ensures that Pods on different nodes can communicate using an overlay network or other networking strategies. Network Overlay: Virtual networks that enable Pod-to-Pod communication across different physical machines or nodes. 7. Load Balancing: Service Load Balancing: Kubernetes Services can automatically distribute traffic to Pods based on service type (e.g., ClusterIP, NodePort, LoadBalancer). Ingress Load Balancing: Ingress Controllers handle the distribution of HTTP(S) traffic across multiple Pods, supporting features like SSL termination, routing, etc. 8. Network Security: mTLS (Mutual TLS) with Service Mesh: Service meshes like Istio can be used to enforce mTLS for secure communication between microservices. Network Isolation: Using Network Policies to isolate services and restrict communication between Pods. Restrict which services can access certain Pods based on labels and namespaces. 9. External Connectivity: Outbound Networking: Pods can access external services outside the cluster, managed through egress rules and NAT configurations. External IPs: Assigning external IP addresses to services (e.g., using LoadBalancer services or NodePort for external access). 10. Troubleshooting Networking Issues: kubectl commands like kubectl get pods -o wide , kubectl describe pod , kubectl logs , and kubectl exec to troubleshoot Pod networking issues. Network Diagnostics Tools like ping , traceroute , and curl to test connectivity between Pods, Services, and external endpoints.