kubernetes network policy

[TOC]Introduction to Kubernetes DispatchingIn addition to having the Kubernetes cluster scheduler automatically select a node for the pod resource (the default schedule is that the resources are sufficient and the load is as average as possible), there are situations where we want to have more control over how the pod should be dispatched. For example, some of the machines in the cluster are better configur

This is a creation in Article, where the information may have evolved or changed. "Editor's note" 2016 CLUSTERHQ Container Technology application Survey report shows that the proportion of container technology applied to production has increased over the past year, and the utilization rate of 96%,kubernetes has reached 40%, becoming the most popular container orchestration tool; So what is kubernetes? It is

Resources:k8s-Network Isolation Reference Opencontrail is a open source network virtualization platform for the cloud. –kube-o-contrail–get your hands dirty with Kubernetes and Opencontrail Opencontrail is a open source network virtualization platform for the cloud.

, no longer repeat it.Third, kubernetes integrated calicoCalico is a pure 3-tier data center network solution and seamlessly integrates with an IaaS cloud architecture like OpenStack to provide controlled IP communication between VMS, containers, and bare metal.By compressing the entire Internet's extensible IP Network principles to the data center level, Calico

cluster can communicate in the same virtual network.Fannel first connects to Etcd, uses ETCD to manage assignable IP address segment resources, monitors the actual address of each pod in Etcd, and builds a POD node routing table in memory that encapsulates the packets sent to it by DOCKER0. The connection of the physical network is used to deliver the data to the target flannel, which completes the pod-to-pod communication.Fannel in order to not conf

corresponding.Modify its configuration file/etc/sysconfig/flanneld content as follows:# Flanneld configuration options # ETCD URL location. Point the server where Etcd runsflannel_etcd_endpoints="https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379"# ETCD config key. This is the configuration key, which flannel queries# for address range Assignment#flannel_etcd_prefix="/atomic.io/network"Flannel_etcd_prefix="/kube-centos/

the other containers in the pod are pause networks. Kubernetes network Interface CNI and the practice of Ling que Cloud Operational personnel perspective, in the traditional operation and maintenance of the IP must have a strong control (banks, etc.), the pod needs fixed IP: Yu Yunwi, the network is very important resources, to the IP for strong control, the ser

Introduction to deploying Calico Network Calico Components: The Felix:calico agent runs on each node, setting network information for the container: IP, routing Rules, iptable rules, etc. Etcd:calico Back-End storage BIRD:BGP Client: Responsible for broadcasting Felix's routing information set on each node to the Calico network (via the BGP Proto

This is a creation in Article, where the information may have evolved or changed. Overview of related principles What is the first thing to say about the MLM? The MLM (Container network interface) is an operation container network specification, including method specification, parameter specification and so on.It only cares about the network connection of the con

The problem of network error in Kubernetes System environment#系统版本cat /etc/redhat-releaseCentOS Linux release 7.4.1708 (Core)#kubelet版本kubelet --versionKubernetes v1.10.0#selinux状态getenforceDisabled#系统防火墙状态systemctl status firewalld● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead) D

Article from: Listen to the Cloud blogAs our business continues to grow, our number of applications has exploded. With the growth of application explosion, the difficulty of management is increased. How to quickly complete the expansion while the business explosion is growing is a big challenge. The advent of Docker happened to solve our problem. With Docker, we can quickly complete the expansion and contraction, and the configuration is uniform and error-prone.In the Docker cluster management s

1. PrefaceKubernetes designed a special network model that deviates from the native Docker network model. In this design, Kubernetes defines an abstract concept: pods, each pod is a collection of containers, and there is a shared IP, and all containers share the same network namespace. Pods can communicate not only wit

Kubernetes Network Model A fundamental principle of the Kubernetes network model design is that each pod has a separate IP address, and that all pods are in a flat network space that can be directly connected. So whether or not they run in the same node (host), they

:2379--advertise-client-urls=http://172.22.0.4:2379 (native IP)Kube-apiserver.json--insecure-bind-address=0.0.0.05. Add nodeKubeadm Join--token b1f4c5.94d2933fea71f20b 172.22.0.4 (master IP)Modifying a configuration file/etc/systemd/system/kubelet.service.d/10-kubeadm.confAt the back of Execstart=/usr/bin/kubelet this adds--hostname-override=172.22.0.6 (node's own IP)Systemctl daemon-reload systemctl Restart Kubelet6. Install calico (at master)Download Http://docs.projectcalico.org/v1.5/gettin

Direct start:5.1, Flannel IntroductionFlannel is an overlay networking (overlay network) tool designed by the CoreOS team for Kubernetes to help each kuberentes host with CoreOS have a complete subnet. Kubernetes assigns a separate IP address to each pod, which makes it easier for Containers in the same pod to connect to each other, and flannel to set a subnet fo

The previous blog has introduced the deployment of a simple kubernetes cluster, but the cluster environment does not have a reasonable network configuration. In the actual production to realize the communication of the components in the cluster, it is necessary to use the network plug-in provided by the third party.Flannel binary Installation1. Download Fannel co

Kubernetes section Volume type Introduction and YAML sample--NFS (network data volume) DescriptionNFS volumes allow existing NFS (network file system) shares to be mounted in your container. Unlike Emptydir, when the Pod is deleted, the contents of the NFS volume are retained and the volume is simply unloaded. This means that the NFS volume can pre-populate t

Network Policy is a resource for Kubernetes. Network Policy selects the pod by Label and specifies how other pods or outsiders communicate with these pods.By default, all pods are non-isolated, meaning that network traffic from an

Configuring the Flannel serviceRepeat the k8s installation section Flanneld related content Step 1: Nohup./flanneld--listen=0.0.0.0:8888 >>/opt/kubernetes/logs/flanneld.log 2>1 110 Start server process on host Nohup./flanneld-etcd-endpoints=http://192.168.161.110:2379-remote=192.168.161.110:8888 >>flanenl.log 2> 1 #各minons结点上启动flanneld /** set up subnets on the ETCD server * *Etcdctl set/coreos.com/network