Friday, February 5, 2021

Kubernetes - Network - CNI - Flannel - Day15

 
Kubernetes - Network - CNI - Flannel - 2/5/2021 - notes

In the last class, we successfully configured a multi-node k8s cluster.


Flannel/Coredns/Context
---------------------------


1. Login to your master node
# kc get nodes

Status: Ready

kubectl (user) commands are run on the master node
# kc get pods
#

High-availability cluster
- Needs multiple master nodes
- Worker nodes are already highly available
  - if one node goes down, the pod will be created on a different node.
- If the master node goes down, the entire cluster is down
- With respect to the master node, this is a single point of failure



@
> kc get nodes
error
it complains about the master

> kc -h     (check the help)

Where is your k8s master node? Define it here (on AWS, use the public IP; locally, you can use the private IP)
> kc get pods --server 44/54.177.232

The master node is an umbrella of programs
- system program
- scheduler
- controller manager
- kube-api server


Users connect to the API server.
The port number of the API server is 6443.

# netstat -tnlp
look for the port of the api-server

> kc get pods --server 44/54.177.232:6443


# kc get nodes

Kubernetes config directory
# cd /etc/kubernetes

# vi admin.conf

look for the username: kubernetes-admin

The PW (credential) entry is very long.



How to connect from your laptop
Copy the admin.conf file, or download it with WinSCP.

kubeconfig file - holds the main username and password ..

Save the file in your working directory as
admin.yaml
so, keep it secure...


from your PC, run
> kc get pods --server 54.67.175.343:6443 --kubeconfig admin.yaml

you get an error
BadRequest - the server rejected ...
to fix this error
note:

edit admin.yaml and change the server entry from the private IP to your master IP from AWS.

> kc get pods --kubeconfig admin.yaml

now the error has changed to x509 - certificate

so the certificate is valid for the old IP; now we have to modify some values,
> notepad



@master node - look around ...
# kc config view

looks like we have to create a key ..

------------------------
Start local cluster
> minikube start

- launches a virtual machine
- launch single node cluster
- creates kubeconfig file

that's why we don't see any problem...
cd .kube/; notepad config

=========================================


Master node also works as a user interface system...


LAB1                LAB2
Network1            Network2
10.20.0.0/24            10.20.1.0/24

SWITCH
- VLAN
Lab


underlay network - the real physical network - it's virtual but looks real in our case
overlay network - a virtual network


we have to make these two labs into one - using VXLAN


# brctl show



Flannel is a program...
- uses VXLAN for tunneling

net-conf.json

Flannel will manage multiple worker nodes
- Distribute ...

w1 (10.240.0.1/24)
w2 (10.240.1.1/24)
w3 (10.240.2.1/24)


VPC - big network -
Smaller network range - subnet

> kc
# cat /var/run/flannel/subnet.env
Flannel network: 10.240.1.1/24
subnet:
IPMASQ=True
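
Added example, not part of the original notes: Python code that parses a subnet.env file like the one above, checks that the node's range sits inside the cluster network, looks for overlapping node ranges, and finds which worker owns a pod IP. The /16 cluster network, the MTU value and the function names are assumptions; the per-node /24 ranges are the ones listed in the notes.

```python
import ipaddress

# Constructed sample of subnet.env on worker w2. The /16 cluster network and
# the MTU value are assumptions; the notes only show the per-node /24 ranges.
SUBNET_ENV = """\
FLANNEL_NETWORK=10.240.0.0/16
FLANNEL_SUBNET=10.240.1.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
"""

# Per-node ranges as listed in the notes (w1, w2, w3).
LEASES = {"w1": "10.240.0.1/24", "w2": "10.240.1.1/24", "w3": "10.240.2.1/24"}

def parse_subnet_env(text):
    """Return the KEY=VALUE pairs of a subnet.env file as a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def check_node(env):
    """Validate one node's range; return (first address, usable host count)."""
    cluster = ipaddress.ip_network(env["FLANNEL_NETWORK"])
    iface = ipaddress.ip_interface(env["FLANNEL_SUBNET"])
    if not iface.network.subnet_of(cluster):
        raise ValueError(f"{iface.network} is outside {cluster}")
    # A /24 has 2^8 = 256 addresses; minus network and broadcast leaves 254.
    return str(iface.ip), iface.network.num_addresses - 2

def overlapping(leases):
    """Return pairs of nodes whose ranges overlap (should be empty)."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in leases.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]

def owner_of(pod_ip, leases):
    """Return the node whose range contains pod_ip, or None."""
    ip = ipaddress.ip_address(pod_ip)
    for node, cidr in leases.items():
        if ip in ipaddress.ip_interface(cidr).network:
            return node
    return None

if __name__ == "__main__":
    print(check_node(parse_subnet_env(SUBNET_ENV)), owner_of("10.240.2.17", LEASES))
```

A pod IP that no node range contains (owner_of returns None) did not come from Flannel's allocation and is worth investigating.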


aws
# kc delete deploy --all
# kc create deploy myd --image=vimal13/apache-webserver-php

# kc get pods
# kc get pods -o wide
# kc scale deploy myd --replicas=3
> kc get pods -o wide

Flannel is a way to manage the container network.

CNI Plugins
- Flannel
- Calico -> another program (plug-in)
- AWS VPC (the pod will get its IP directly from the VPC)

If a pod needs an IP, it contacts the CNI and gets an IP. The admin needs to set up the plugins;
the user does not have to worry about plugins.

Google for "kubernetes cni plugins"
- Azure CNI
- AOS
- VPC CNI
- Google
....




CSI - Container Storage Interface
- storage class

- NFS
- EBS



All the information is stored in a database, and the name of the database is etcd.

# kc get pods -n kube-system

you see etcd-ip

# kc get pods -n kube-system -o wide
> kc get nodes

scheduler
controller
etcd
api-server
are the main components of k8s

proxy and flannel run on all nodes

Flannel - manages the network range

Go inside any pod
# kc get pods
# kc exec -it myd-.... -- bash
you are inside pod
# ifconfig
# hostname
# cat /etc/hosts
# cat /etc/resolv.conf # DNS client set up
Try to ping the POD
# ping myd-.....


next class - how name resolution works - coredns

============

Flannel creates one switch (bridge) - CNI

Create a pod and it creates one interface on the worker node -
- The pod feels like the card is a real card.
- This card is linked to the bridge
- so all the pods are connected
- This is the default behavior of Docker as well.


Flannel also does the same kind of task...


# docker ps | grep flannel
# docker inspect <container>
# docker inspect <pod> | grep

# kc get pods -n kube-system
# kc -n kube-system exec -it kube-flannel-ds-7... -- bash
you are inside the pod. now, run
# ifconfig

you will see flannel

all virtual ethernet interfaces are connected to flannel


the network namespace is different ..


# brctl show
bridgename
cni

interfaces - you see multiple interfaces.
Flannel contains
all the network components ..


254 IPs can be used

2^8 -> 256

#
