@BruceZu
Created December 13, 2016 18:19
K8s and Docker

BruceZu commented Dec 13, 2016

Official document?
From this link:
Kubernetes combines the network space of all its pod containers by using the `--net="<container-name>|<container-id>"` setting in docker.
This setting enables one container to reuse another container's network stack. K8s accomplishes this by creating a pod-level holding container with its own network stack, and all of the pod containers are configured to reuse the holding container's network space.

It is important to note that in k8s each pod, i.e. a group of containers, has an IP address. This is different from the networking model in docker, in which each container has its own host-private IP address. In order for k8s networking to work, the pod IP addresses must be made routable without NAT. This means two things:

a) When a pod container communicates with other containers in other pods, the traffic must be routed directly without NAT

b) When a pod container communicates with the IP address of the VM, the traffic must be routed directly without NAT

In order to accomplish this, as a first step, the default docker bridge named docker0 in each node is replaced with a linux bridge named cbr0. An IP block is allocated for pod networking across all nodes, say a /16. This block is subnetted and a node-to-pod CIDR mapping is created in the settings file. In the above diagram, I have allocated 10.1.0.0/16 for pod networking and created a mapping as below:

node1: 10.1.1.1/24

node2: 10.1.2.1/24

nodeN: 10.1.n.1/24

CIDR (Classless Inter-Domain Routing, sometimes called supernetting)

IP blocking is a form of security used on mail, Web or any other Internet servers to block connections from a specific IP address or range of addresses that are considered undesirable or hostile.
