undefined | Better HN

0 pointskaidon4y ago0 comments

Please take a seat and let the joys of k8s networking overwhelm your senses:

https://kubernetes.io/docs/concepts/cluster-administration/n...

And yes... Kubernetes network configuration is on a whole different level from docker networking.

0 comments

3 comments · 1 top-level

theptip4y ago· 2 in thread

To be fair, multi-node networking of any sort is on a different level than single-host docker networking.

If you ever tried to use Docker Swarm to network multiple nodes, god help you.

Also worth noting that almost all users of K8s don't actually need to operate a cluster, the hosted offerings handle all of that for you. You just need to understand the Service object, and maybe Ingress if you're trying to do some more advanced cert management or API gateway stuff.

It's a common meme around here to point in horror to the complexity that is abstracted away under the K8s cluster API, and claim that k8s is really hard to use. I think that's mostly misguided, the hosted offerings like GKE really do a good job of hiding away all that complexity from you.

Honestly I think that it's defensible to say that the k8s networking model is in most cases _simpler_ than what you'd end up configuring in AWS / GCP to route traffic from the internet to multiple VM nodes.

kazen444y ago

> Honestly I think that it's defensible to say that the k8s networking model is in most cases _simpler_ than what you'd end up configuring in AWS / GCP to route traffic from the internet to multiple VM nodes.

How is routing from the internet to multiple servers a problem?

usually, you have either one of these setups:

- you run a loadbalancer that distributes traffic across your nodes. (This loadbalancer could even be distributed thanks to BGP).

- you either run your own firewall or have a managed one, in which you either announce your IP prefix yourself, or they are announced for you by your uplink provider.

- you run an anycast setup (for, for example, globally distributed DNS). and announce multiples of the same prefix across the globe. Routing in the DFZ does the rest for you.

Streched L2 across the globe/internet is also possible (although not very performant) either by doing IPsec tunneling, or by buying/setting up L2VPN services. (either MPLS or VXLAN based).

theptip4y ago

I didn't say it was a problem. My claim was just that it's easier in GKE than in GCE/EC2.

I only mentioned multi-node because exposing a single VM to the internet is trivial -- just give it a public IP -- and thus is not an apples-to-apples comparison with the multi-node load balancing that you get from the entry-level k8s configuration of Service > Pod < Deployment.

j / k navigate · click thread line to collapse