Hidden secrets of Kubernetes …welcome 2017

Kube — Opensource knowledge and best practices:

  1. Kube Namespace is an isolated Subnet within your Kube Cluster
  2. Each Namespace has its own Subnet CIDR range and Gateway address
  3. Each Microservice runs in its own Namespace
  4. One Namespace can run multiple Microservices
  5. Pods within the same Namespace can talk to each other
  6. Pods of different Namespaces cannot talk to each other
  7. But in some scenarios, one Pod of Namespace “Payment” can talk to a Service of another Namespace “Authorize” (allow incoming connection)
  8. All Pods talk directly to Proxy running on their Host
  9. Same Host [Pod -> Proxy] -> another Pod/Service [same or another Host]
  10. Kube Labels are used for Network policy configuration [Firewall rules]
  11. Firewall rules for Kube Pods & Services can be configured using Labels, Policy Groups & IP addresses
  12. We can add a Pod or Pods to a new Policy group
  13. Set Firewall rules on Policy group
  14. Any Pod can talk to an Internet resource, but cannot talk to another internal Kube resource [Pods or Services]
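
Items 6, 7, 10, 11 and 14 above, written as upstream Kubernetes NetworkPolicy objects, which take effect only when the cluster's network plugin enforces them. This is an added example, not configuration from the original page; the lowercase namespace names, the `app` labels, port 8443 and the internal CIDR ranges are assumptions.

```yaml
# Added example; namespace names, labels, port and CIDRs are assumptions.
# Item 6: deny all ingress to every Pod in "authorize" by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: authorize
spec:
  podSelector: {}            # empty selector matches all Pods in the namespace
  policyTypes: ["Ingress"]
---
# Item 7: allow only Pods labelled app=checkout in "payment" to reach the
# Pods behind the authorize Service (policies select Pods, not Services).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-payment-to-authorize
  namespace: authorize
spec:
  podSelector:
    matchLabels:
      app: authorize
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - namespaceSelector:   # same list entry as podSelector: both must match
            matchLabels:
              kubernetes.io/metadata.name: payment
          podSelector:
            matchLabels:
              app: checkout
      ports:
        - protocol: TCP
          port: 8443
---
# Item 14: "payment" Pods may reach the Internet but no internal ranges.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internet-only-egress
  namespace: payment
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
```

The `kubernetes.io/metadata.name` label is set automatically on namespaces by current Kubernetes releases. The egress policy also blocks cluster DNS when it sits in one of the excepted ranges, so name resolution needs its own allow rule.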

Watch: Understand Kubernetes Objects and Design