The Kubernetes networking model creates a virtual network that is accessible to all pods within the cluster. Weave Net is one of several tools that provide an implementation of the Kubernetes networking model. In this learning activity, you will learn how to configure a Kubernetes pod network using Weave Net. After completing the activity, you will have hands-on experience implementing networking within a Kubernetes cluster.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Enable IP forwarding on all worker nodes.
In order for Weave Net to work, you need to make sure IP forwarding is enabled on the worker nodes. Enable it by running the following on both workers:
sudo sysctl net.ipv4.conf.all.forwarding=1echo "net.ipv4.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf- Install Weave Net in the cluster.
Do the following on the controller server:
Install Weave Net using a configuration from Weaveworks like this:
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d 'n')&env.IPALLOC_RANGE=10.200.0.0/16"Verify that everything is working:
kubectl get pods -n kube-systemThis should return two
weave-netpods and look something like this:NAME READY STATUS RESTARTS AGE weave-net-m69xq 2/2 Running 0 11s weave-net-vmb2n 2/2 Running 0 11sSpin up some pods to test the networking functionality:
a. First, create an Nginx deployment with 2 replicas:
cat << EOF | kubectl apply --kubeconfig admin.kubeconfig -f - apiVersion: apps/v1 kind: Deployment metadata: name: nginx spec: selector: matchLabels: run: nginx replicas: 2 template: metadata: labels: run: nginx spec: containers: - name: my-nginx image: nginx ports: - containerPort: 80 EOFb. Next, create a service for that deployment so that we can test connectivity to services as well:
kubectl expose deployment/nginxc. Start up another pod. We will use this pod to test our networking. We will test whether we can connect to the other pods and services from this pod.
kubectl run busybox --image=radial/busyboxplus:curl --command -- sleep 3600POD_NAME=$(kubectl get pods -l run=busybox -o jsonpath="{.items[0].metadata.name}")d. Get the IP addresses of our two
nginxpods:kubectl get ep nginxThere should be two IP addresses listed under
ENDPOINTS. For example:NAME ENDPOINTS AGE nginx 10.200.0.2:80,10.200.128.1:80 50mMake sure the
busyboxpod can connect to thenginxpods on both of those IP addresses.kubectl exec $POD_NAME -- curl <first nginx pod IP address>kubectl exec $POD_NAME -- curl <second nginx pod IP address>Both commands should return some HTML with the title
"Welcome to Nginx!"This means that we can successfully connect to other pods.Now let’s verify that we can connect to services.
kubectl get svcThis should display the IP address for our Nginx service. For example, in this case, the IP is
10.32.0.54:NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.32.0.1 <none> 443/TCP 1h nginx ClusterIP 10.32.0.54 <none> 80/TCP 53mCheck that we can access the service from the
busyboxpod.kubectl exec $POD_NAME -- curl <nginx service IP address>This should also return HTML with the title
"Welcome to nginx!"
Getting this response means that we have successfully reached the Nginx service from inside a pod and that our networking configuration is working!
