Duration: 5 days

Prerequisites:  Understanding and using linux containers and Kubernetes ver 1.1  and Understanding and using linux containers and Kubernetes ver 1.1, 2nd part or equivalent knowledge, solid networking knowledge ( including BGP )

Description:

This course describes how to implement k8s networking using Calico, MetalLB and Multus. In first part, short overview of netwoking from usage perspective is presented ( review from our general k8s course) without going to implementation details. Then, CNI and its posibilities is described in detail as it is used by Calico and other network plugins. Next, BGP implementation with bird software is explored by setting BGP connection to external router. Bird is used/automeated by Calico.  Next, Calico possibilities are presented as well as various methods of networking implementation ( IPIP tunnels, VXLAN tunnels, native routing, crosssubnet tunneling…).For methods that use BGP, BGP design is evaluated ( full mesh, bird/external route reflectors , peering to external AS instead of route reflectors etc). For external connections, method of announcing Loadbalancer addresses is also evaluated. Regarding Calico IPAM plugin, configuration of NAT/noNAT is evaluated as well as other features like pool size allocation, method of tunnelling etc. Preservation of source IP address for NodePort and Loadbalancer services is also explained and tested. Implementation of k8s NetworkPolicy as well as Calico NetworkPolicy is explored. Implementation of LoadBalancer service with MetalLB is then explained as well as different methods of configuration and interaction with Calico. In last part, we will see how to attach additional network interfaces to pods using multus. Theory from CNI lab will help here to understand how multus works and we will show how to attach interfaces on OVS bridges, macvlan interfaces nad SRIOV interfaces.

In all labs during the course, we go to implementation details to some extent to further explain important concepts. E,g, in Calico with IPIP, we look into autometed bird setup and this reveals lot of important points to consider in design.

Content: 

    • Kubernetes networking from usage perspective
      • Kubernetes – networking concepts overview
      • Lab description
      • Lab setup
      • Prepare environmnet
      • Review pod to pod and pod to external communication
      • Services – ClusterIP
      • Services – Load balancing
      • Headless service
      • ExternalName service type
      • Expose pod outside of kubernetes using Node Port
      • Service type Load Balancer
      • Ingress
      • Limiting pod network access
    • Container networking with CNI
      • CNI standalone example
      • Kubernetes CNI config
      • Program to intercept cni invocation and stdin,stdout
      • Intercepting kubelet to CNI plugin communication and analysis
      • Example with bandwidth plugin in kubernetes
    • Kubernetes networking implementation with Calico and MetalLB
      • Picture of the network
      • Software used by Calico
        • Prepare router
        • bird
      • Calico
        • Calico for kubernetes networking
        • Documentation references
        • Initial installation – IPIPCrosssubnet, operator based
        • Install calicoctl, explore
        • Prepare environment to use default namespace
        • Install pods bb21, bb22, bb25
        • Check pod communication, analyze traffic
        • Analyze Calico CNI driver implementation
        • Check calico-node, bird and protocols, bgp sessions, routes, status, filters
        • Check node id, check what happens when another address is available on node
        • Select node id – this determines interface for interpod communication
        • Default nat
        • Creating pool for no nat communication and pod that use pool
        • Prepare router r99
        • Prepare external bgp from one node to announce pool subnet
        • External connection to all nodes
        • Prepare node on different subnet and disable ipip encap
        • Disable full mesh, use external router, no overlay, nat and nonat check
          • Check communication
        • Pool auto allocation
        • Route reflectors in calico plus external bgp
        • API communication – internal ip selection
        • Api communication, opened tcp sessions
        • Current summary
        • VXLAN encap – restore original lab, prepare VXLAN CrossSubnet
          • Check routes, underlying communication
          • Disable BGP and check
          • Announcing pools to outside routers and receive routes via BGP
        • Manifest based instalation – restore original lab, prepare ipip CrossSubnet
          • Test pods
          • Internal route reflector example
        • Final – redeploy using IPIPCrossSubnet, internal route reflectors, external connection to r99, operator based
        • Prepare environment to use your namespace
        • IPPools, link to namespace or pod
        • IP or MAC address, allocate to specific pod
        • NodePort and Loadbalancer services – externalTrafficPolicy tunning possibilities
        • NodePort service – default behavior
        • NodePort service – preserving source IP and deliver only to local pods
        • Loadbalancer service – preserving source IP and deliver only to local pods
        • Loadbalancer service – default behavior
        • Exposing ClusterIP
        • Network policy
          • Network policies in k8s and Calico
          • Kubernetes network policies
          • Calico network policies
          • Calico globalNetwork policy
          • Connections from outside and source ip issue
          • Log action
      • MetalLB
        • Preparation
          • Disable Calico announcements of lb addresses
          • Allow all communication
          • Prepare snapshot of environment
        • Install MetalLB
        • Announcement using l2 mode
        • Announcement using BGP mode
        • Anouncement using BGP in Calico
    • Attaching additional interfaces to containers using multus
      • Kubernetes and CNI, initial situation
      • Multus principles, instalation and situation after install
      • Example with macvlan
      • Attaching additional interface on OVS bridge
        • Scheduling port on node without bridge
        • Scheduling on nodes with existing bridge – manual approach
        • Network resource injector approach
        • Forcing mac
        • Mirror traffic
      • Attaching additional SRIOV interface
        • Prepare SRIOV environment
        • Create VFS
        • Install SRIOV-CNI
        • Install and configure SRIOV device plugin
        • Configure multus for SRIOV
        • Create pods that use SRIOV interface