Networking – PaaS Compute Options

Networking is crucial in AKS because without it the components of the cluster cannot communicate with each other. As you saw in Figure 9.16, the kube-proxy service running on each node is responsible for providing inbound and outbound connectivity for pods.

In Kubernetes, a service is responsible for providing different connectivity and load balancing options for the pods. Complex networking configuration can be applied using ingress controllers. Traffic filtering and security can be controlled using network policies. Services in Kubernetes group pods together and provide them with connectivity. The following service types are available:

  • ClusterIP: Creates internal IP addresses for communication within the AKS cluster. This is ideal for internal communication between components. This is the default service type (refer to Figure 9.17).
  • NodePort: Creates a port mapping from a port on the node to a port in the container (refer to Figure 9.18). Users can access the component by navigating to <Node IP>:<NodePort>.
  • LoadBalancer: Creates an internal/external Azure Load Balancer and adds the pods to the backend pool. External traffic is routed to the pods based on the load balancing rules (refer to Figure 9.19).
  • ExternalName: Maps the service to a DNS name.

FIGURE 9.16 Components of a customer-managed node

FIGURE 9.17 Cluster IP

FIGURE 9.18 Node port

FIGURE 9.19 Load Balancer

The IP address for the load balancer is provided by Azure and can be dynamically assigned, or you can specify one of the existing static IP addresses. You can create an internal or external load balancer. Internal load balancers will have only a private IP address and cannot be accessed from the Internet. Any Internet-facing workloads should use an external load balancer.
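
The following Python script is an added example, not part of the original text. It classifies each service in a cluster by how far it is exposed, using the service types and the internal/external load balancer distinction described above. The sample data is constructed, and the script assumes input shaped like the output of `kubectl get svc -A -o json`; the annotation shown is the one AKS uses to request an internal load balancer.

```python
import json

# Annotation AKS reads to provision an internal (private-IP-only) Azure Load Balancer.
INTERNAL_LB_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-internal"

def classify_exposure(svc):
    """Return (exposure, detail) for one Service object from `kubectl get svc -o json`."""
    spec = svc.get("spec", {})
    annotations = svc.get("metadata", {}).get("annotations") or {}
    svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    if svc_type == "ClusterIP":
        return "cluster-internal", "reachable only inside the cluster"
    if svc_type == "ExternalName":
        return "dns-alias", "maps to " + spec.get("externalName", "<unset>")
    if svc_type == "NodePort":
        ports = [str(p["nodePort"]) for p in spec.get("ports", []) if "nodePort" in p]
        return "node-reachable", "<Node IP>:" + ",".join(ports)
    if svc_type == "LoadBalancer":
        if str(annotations.get(INTERNAL_LB_ANNOTATION, "")).lower() == "true":
            return "vnet-internal", "internal Azure Load Balancer (private IP)"
        return "internet-facing", "external Azure Load Balancer (public IP)"
    return "unknown", "unrecognised type " + svc_type

def audit(service_list_json):
    """Map 'namespace/name' -> exposure for every Service in a kubectl JSON list."""
    report = {}
    for svc in json.loads(service_list_json).get("items", []):
        meta = svc["metadata"]
        key = meta.get("namespace", "default") + "/" + meta["name"]
        report[key] = classify_exposure(svc)[0]
    return report

# Constructed sample, shaped like `kubectl get svc -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "api", "namespace": "shop"}, "spec": {}},
    {"metadata": {"name": "debug", "namespace": "shop"},
     "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}},
    {"metadata": {"name": "web", "namespace": "shop"}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "erp", "namespace": "corp",
                  "annotations": {INTERNAL_LB_ANNOTATION: "true"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "db", "namespace": "corp"},
     "spec": {"type": "ExternalName", "externalName": "db.example.internal"}},
]})

if __name__ == "__main__":
    for name, exposure in audit(SAMPLE).items():
        print(f"{exposure:17} {name}")
```

Any service reported as internet-facing that is not meant to serve Internet traffic is a candidate for an internal load balancer or a ClusterIP service instead.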

When you deploy clusters, you can choose from the following network models:

  • Kubenet: Using Kubenet, nodes receive an IP address from the virtual network, and pods receive an IP address from a different address space that is managed within the cluster. Network address translation is configured to translate virtual network IP addresses to internal IP addresses.
  • Azure CNI (Advanced Networking): With Azure CNI, pods and nodes receive an IP address from the Azure virtual network. Because of this, the pods can be accessed directly. Since every pod gets an IP address from the virtual network, chances of IP address exhaustion are high. Hence, you need to plan your virtual network address space carefully. The IP addresses for the nodes will be reserved up front to avoid issues during scaling.

Now you will learn how storage is configured in the AKS cluster.
