Advanced services
Let's explore the IP strategy as it relates to services and communication between containers. If you recall, in the Services section of Chapter 2, Pods, Services, Replication Controllers, and Labels, you learned that Kubernetes is using kube-proxy
to determine the proper pod IP address and port serving each request. Behind the scenes, kube-proxy
is actually using virtual IPs and iptables to make all this magic work.
kube-proxy
now has two modes—userspace and iptables. As of now, 1.2 iptables is the default mode. In both modes, kube-proxy
is running on every host. Its first duty is to monitor the API from the Kubernetes master. Any updates to services will trigger an update to iptables from kube-proxy
. For example, when a new service is created, a virtual IP address is chosen and a rule in iptables is set, which will direct its traffic to kube-proxy
via a random port. Thus, we now have a way to capture service-destined traffic on this node. Since kube-proxy
is running on...