20 Questions
What is the purpose of Multus?
To provide multiple network interfaces to the virtualized operating environment of the VNF
True or false: Containers within Pods are isolated from each other by the structure of the network.
False
What is the CNI plugin responsible for?
Inserting a network interface into the container network namespace
True or false: Kubernetes supports SR-IOV CNI, SR-IOV-DPDK, OVS-DPDK, and VPP workloads.
True
What is the purpose of the Container Network Interface or CNI API?
To insert a network interface into the container network namespace
What is the purpose of Multus?
To enable attaching multiple network interfaces to Pods
What is the purpose of the Kubernetes network model?
To make it easier for applications to migrate from VMs and hosts to Pods managed by Kubernetes
True or false: The device plugin is used to advertise SR-IOV network capabilities of a host.
True
What is the benefit of using a container network?
To improve performance and security for applications
What is the purpose of the device plugin?
To provide support for physical platform resource isolation
What is the purpose of the device plugin?
To resolve issues with physical platform resource isolation
True or false: A service mesh can be used to improve performance and security for applications.
True
What is the purpose of a service mesh?
To provide a secure communication between different components of a distributed system
True or false: All segments of a Zero Trust service mesh use authentication and encryption.
True
What is the purpose of Zero Trust service mesh?
To provide mutual Transport Layer Security
What is the purpose of the master plugin?
To manage the primary network interface (eth0) for the Pod
What is the purpose of Multus CNI?
To enable attaching multiple network interfaces to Pods
What is the purpose of the Zero Trust service mesh?
To establish mutual TLS between all segments, using authentication and encryption
What is the purpose of a container network?
To use multiple containers on a single machine to create a distributed system
What is the purpose of the SR-IOV network device plugin?
To provide a mechanism to advertise SR-IOV network capabilities of a host
Study Notes
- The Kubernetes network model is the foundation for understanding how containers, Pods, and Services within Kubernetes communicate with each other.
- Pods can be treated much like VMs or hosts since they all have unique IP addresses.
- Containers within Pods are like processes running within a VM or host--they run in the same network namespace and share an IP address.
- This model makes it easier for applications to migrate from VMs and hosts to Pods managed by Kubernetes.
- Because isolation is defined using network policies rather than the structure of the network, the network remains easy to understand.
- Kubernetes supports mapping host ports through to Pods, or running Pods directly within the host network namespace sharing the host’s IP address.
- The type of network a container uses is transparent from within the container, whether it is a bridge, an overlay, a MacvLan network, or a custom network plugin.
- From the container’s point of view, it has a network interface with an IP address, gateway, routing table, DNS services, and other networking details, assuming the container is not using a non-network driver.
- Kubernetes’ built-in network support, kubenet, provides some network connectivity.
- However, it is more common to use third-party network implementations which plug into Kubernetes using the Container Network Interface or CNI API.
- CNI plugin is responsible for inserting a network interface into the container network namespace. It then assigns an IP address to the interface and sets up the routes consistent with the IP Address Manager.
- Multus is a CNI plugin for Kubernetes that enables attaching multiple network interfaces to Pods.
- Multus solved the issue of Kubernetes supporting only one Pod network interface – “eth0.”
- Multus supports all reference plugins (e.g., Flannel, DHCP, Macvlan) and all third-party plugins (e.g., Calico, Weave, Cilium, Contiv).
- Multus also supports SR-IOV CNI, SR-IOV-DPDK, OVS-DPDK, and VPP workloads in Kubernetes.
- In NFV use cases, you must provide multiple network interfaces to the virtualized operating environment of the VNF.
- Multus is a CNI proxy and arbiter of other CNI plugins.
- Multus invokes other CNI plugins for network interface creation.
- A master plugin is identified to manage the primary network interface (eth0) for the Pod.
- Other CNI plugins (SR-IOV, Vhost CNI, etc.) create additional Pod interfaces (net0, net1, etc.) during their normal instantiation process.
- Multus provides multiple network interfaces to the virtualized operating environment.
- The main benefits and usage include network segregation for functional purposes to improve performance; network segregation for non-functional purposes, such as security; and link aggregation/bonding for network interface redundancy.
- CNI lacks support for physical platform resource isolation.
- To resolve these issues, the device plugin is used as shown in this diagram.
- SR-IOV network device plugin provides a mechanism to advertise SR-IOV network capabilities of a host.
- VNF application that demands high-performance NICs as resource requests can then be scheduled to this host by the Kubernetes scheduler.
- Container networks are a way to use multiple containers on a single machine to create a distributed system.
- One way to create a container network is to use a plugin called CNI.
- Container networks can be used to improve performance and security for applications.
- One way to use a service mesh is to inject it into every Pod or sidecar.
- Zero Trust service mesh requires mutual Transport Layer Security or mTLS between all segments, using authentication and encryption.
Test your knowledge of the Kubernetes network model, container networking, and the Container Network Interface (CNI) used in Kubernetes. This quiz covers topics such as Pods, services, network policies, CNI plugins like Multus, SR-IOV, VNF, service mesh, and more.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
