You may know that the Kubernetes control plane (master) runs its pods in its own namespace, kube-system. You have probably used the default namespace for your own applications. You might be surprised to learn that the Kubernetes API service also lives in the default namespace.
Every Kubernetes cluster is provisioned with a special service that provides a way for internal applications to talk to the API server.
To make sure we’re on the same page, I’m talking about this:
$ kubectl get svc kubernetes -n default
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 161m
All Pods in the Kubernetes cluster use this cluster IP to reach the Kubernetes API service.
The picture above shows an example of kube-proxy and the kubelet interacting with etcd via the Kubernetes API server.
It always comes up with the same ClusterIP, regardless of how many services already exist in the cluster.
It is always re-created, even when it is removed manually.
It maps to the endpoint IPs of the kube-apiserver Pods running in the kube-system namespace.
It provides a single, stable IP that maps to the (possibly multiple) kube-apiserver Pods.
Pod IPs can change, but this cluster IP stays the same; when the service is re-created, it automatically comes up with the same cluster IP.
The example below shows the cluster IP given to the Kubernetes API service running in the default namespace, and its mapping to the actual kube-apiserver Pod.
Kube-api-server cluster IP and POD IP
# kubectl get svc kubernetes -n default
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 231d
# kubectl get endpoints kubernetes -n default
NAME ENDPOINTS AGE
kubernetes 10.106.175.128:6443 231d
# kubectl get pods -n kube-system -o wide | grep apiser
kube-apiserver-k8smaster 1/1 Running 0 231d 10.106.175.128 k8smaster <none> <none>
The configuration below is taken from iptables and shows how the NAT rule is applied.
iptables rules mapping the cluster IP to the endpoint IP
# iptables -t nat --list-rules
...
-A KUBE-SERVICES -d 10.96.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-VDNPK4CXOQDGPWFC
-A KUBE-SEP-VDNPK4CXOQDGPWFC -p tcp -m comment --comment "default/kubernetes:https" -m tcp -j DNAT --to-destination 10.106.175.128:6443
....
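As an added example (not part of the original post), the following Python walks the three-stage chain shown above, KUBE-SERVICES to KUBE-SVC-* to KUBE-SEP-*, to resolve a ClusterIP:port to the set of DNAT destinations, so an operator can confirm that the dataplane agrees with what kubectl get endpoints reports. The input is the rules quoted above in iptables -t nat -S form, plus one constructed extra KUBE-SEP chain (10.106.175.129) to show the multi-Pod case.

```python
import re
# Constructed sample input: the three rules quoted above in `iptables -t nat -S` form, plus
# one invented extra KUBE-SEP chain (10.106.175.129) to illustrate the multi-Pod case.
SAMPLE_RULES = """\
-A KUBE-SERVICES -d 10.96.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-VDNPK4CXOQDGPWFC
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-EXAMPLE2ND00000
-A KUBE-SEP-VDNPK4CXOQDGPWFC -p tcp -m comment --comment "default/kubernetes:https" -m tcp -j DNAT --to-destination 10.106.175.128:6443
-A KUBE-SEP-EXAMPLE2ND00000 -p tcp -m comment --comment "default/kubernetes:https" -m tcp -j DNAT --to-destination 10.106.175.129:6443
"""

def _field(flag, body):
    # Return the argument following `flag` in a rule body, or None when the flag is absent.
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r" (\S+)", body)
    return m.group(1) if m else None

def parse_rules(text):
    """Group `-A <chain> <body>` lines by chain, keeping only the fields we follow."""
    chains = {}
    for line in text.splitlines():
        m = re.match(r"-A (\S+) (.*)", line.strip())
        if not m:
            continue
        chain, body = m.groups()
        dst = _field("-d", body)
        chains.setdefault(chain, []).append({
            "dst": dst.split("/")[0] if dst else None,  # drop the /32 mask
            "dport": _field("--dport", body),
            "target": _field("-j", body),
            "dnat": _field("--to-destination", body),
        })
    return chains

def resolve_cluster_ip(chains, cluster_ip, port):
    """Follow KUBE-SERVICES -> KUBE-SVC-* -> KUBE-SEP-* and collect every DNAT destination."""
    def walk(chain, seen):
        if chain in seen:  # defensive: a looping ruleset must not hang the check
            return set()
        seen.add(chain)
        found = set()
        for rule in chains.get(chain, []):
            if rule["dnat"]:
                found.add(rule["dnat"])
            elif (rule["target"] or "").startswith("KUBE-"):
                found |= walk(rule["target"], seen)
        return found
    for rule in chains.get("KUBE-SERVICES", []):
        if rule["dst"] == cluster_ip and rule["dport"] == str(port):
            return walk(rule["target"], set())
    return set()
```

Compare the returned set with the ENDPOINTS column of kubectl get endpoints kubernetes -n default; a DNAT destination that is not a kube-apiserver Pod IP means the NAT rules and the API object have diverged and deserves investigation.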
https://networkop.co.uk/post/2020-06-kubernetes-default/
https://images.app.goo.gl/cQPtMHAZBWtXzY4AA
https://stackoverflow.com/questions/47523136/whats-the-purpose-of-the-default-kubernetes-service
https://www.linkedin.com/posts/dpkumar_kubernetes-kubernetescluster-kubernetesservices-activity-6798613993020887040-b0mw