Networking

KaaS uses Calico and Flannel as a networking solution that enables internal connectivity between the Kubernetes pods and the virtual machine on which the pods run. Flannel creates a layer 2 network that makes it look as if all the pods are connected to the same subnet. Calico manages a layer 3 network and assigns IP addresses to each pod.

KaaS implements the same network concepts as described in the Kubernetes model section in the Kubernetes documentation. Here is a short summary of the model:

  • Containers in one pod share the same network namespace and can communicate with each other directly on localhost.
  • Kubernetes nodes can communicate with all containers, except those restricted by Calico policies.

Network traffic flow

The following diagram describes network traffic flow when an external user or application accesses a pod.

[Diagram: network traffic flow when an external user or application accesses a pod]

When a user or application sends a request to a pod, the request goes through the virtual router and the load balancer configured in the cloud platform and then to the pod’s network interface. Depending on your cloud environment configuration, the response either returns along the same path or goes directly through the virtual router to the Internet and then back to the user. For OpenStack deployments, all responses are processed through the load balancer.
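
The following is an added example, not taken from the KaaS documentation, of the policy-based restriction mentioned in the model summary, applied to the external traffic path described above. It uses standard Kubernetes NetworkPolicy objects, which Calico enforces. The namespace, labels, CIDR and ports are assumptions chosen for illustration.

```yaml
# Hypothetical namespace "demo-app"; all names, labels, ports and the CIDR are
# constructed placeholders, not values from a KaaS deployment.

# 1) Default deny: no pod in the namespace accepts ingress unless a later
#    policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo-app
spec:
  podSelector: {}            # empty selector matches every pod in the namespace
  policyTypes:
    - Ingress
---
# 2) Front-end pods accept traffic only from the load balancer subnet,
#    and only on the service port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-lb-to-frontend
  namespace: demo-app
spec:
  podSelector:
    matchLabels:
      app: frontend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 192.0.2.0/24   # documentation range standing in for the LB subnet
      ports:
        - protocol: TCP
          port: 8443
---
# 3) Back-end pods accept traffic only from front-end pods in the same namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: demo-app
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 5432
```

Which source address the `ipBlock` rule sees (client, load balancer or node) depends on any source NAT applied along the path, so check the address that actually reaches the pod before relying on the CIDR.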