Objective

Understand the Kubernetes networking model, CNI, and NetworkPolicies.

Tools & Technologies

  • CNI
  • kube-proxy
  • NetworkPolicy
  • Calico

Key Commands

kubectl apply -f network-policy.yaml
kubectl get networkpolicies
kubectl exec -it pod1 -- curl pod2-ip:8080
kubectl get endpoints

Lab Steps

01
CNI Concepts

Understand how Container Network Interface plugins enable pod networking.

02
Pod-to-Pod Communication

Verify direct pod-to-pod communication across nodes.

03
NetworkPolicies

Write NetworkPolicies to restrict pod communication.

04
Service Mesh Intro

Explore basic service mesh concepts with Istio or Linkerd.

Challenges Encountered

  • NetworkPolicy requires a CNI plugin that supports it (Calico, Cilium)
  • Default-deny policies block all traffic, including DNS

Key Takeaways

  • NetworkPolicies are additive — multiple policies are OR'd together
  • Include a default-deny policy, then explicitly allow required traffic