
I'm exploring GKE. I created a GKE cluster through the GCP GUI, and when I hop on a node and run this command I see nothing: ip netns list

I thought k8s used network namespaces for networking? How are those network namespaces visible?

red888

2 Answers


The question is a bit old; however, since that time a well-described tutorial about network fundamentals has been created: Learn Google Kubernetes Engine networking fundamentals with hands-on exercises.

There are 4 main Exercises:

  • Exercise 1: Introduction to network namespaces introduces Linux virtual network devices. In this exercise, you configure devices, connect them, and configure the iptables rules that facilitate connectivity. This exercise also introduces techniques for interrogating the connection states.

  • Exercise 2: Introduction to GKE networking explains the creation of a simple HTTP service in GKE. Using the techniques you learned in the previous exercise, you rerun captures.

  • Exercise 3: GCP load balancing and GKE introduces the ingress controller as implemented by GKE, building on the load balancer service from the previous exercise.

  • Exercise 4: Visiting namespaces in GKE demonstrates how to visit a pod's namespace directly.

In Exercise 1 you have information about network namespaces. As stated there, by default there aren't any.

For now, let's take a look at the configured network namespaces. There shouldn't be any:

$ sudo ip netns list

Now, let's add a namespace called demo-ns and check to see that it's in the list of available namespaces:

$ sudo ip netns add demo-ns
$ sudo ip netns list

A network namespace is a segregated network environment, complete with its own network stack.

For more details, please check the mentioned tutorial.

PjoterS

Kubernetes networking builds on top of Docker and Netfilter, and the thing that enables network namespaces for Pods is called the Pause container.

The Pause container runs a very simple process that performs no function but essentially sleeps forever, and is responsible for providing the network namespace that other containers can share.

Please read the article written by Ian Lewis explaining the role of the Pause container.

Nepomucen
  • I am on GKE and when I look at my pods for my app or even kube-system pods I see no "pause" containers – red888 Apr 29 '19 at 15:09
  • You should be able to see it on any worker node, with output of 'docker ps' command. Please give it a try: docker ps --format "table {{.ID}}\t{{.Command}}" --filter status=running --no-trunc | grep pause – Nepomucen May 06 '19 at 12:10
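An added example, not part of the answers above or of the tutorial they cite: `ip netns list` only reports namespaces that have a name under /var/run/netns (which `ip netns add` creates), while a namespace that a container runtime created without registering it there is still reachable through the /proc/<pid>/ns/net link of any process in it, such as a pod's pause process. The function names `list_netns` and `count_netns` are hypothetical, and the script assumes a POSIX shell with readlink, sort and awk on the node.

```shell
#!/bin/sh
# Added example: enumerate network namespaces from /proc rather than from
# /var/run/netns, which is where `ip netns list` looks for named namespaces.

TAB=$(printf '\t')

# list_netns [PROC_ROOT]
# Prints one tab-separated line per distinct network namespace:
#   <namespace id>  <process count>  <lowest pid>  <comm of that pid>
# PROC_ROOT defaults to /proc; the parameter only exists so the function can
# be pointed at a constructed directory tree.
list_netns() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # /proc/<pid>/ns/net is a symlink with a target like net:[4026531992].
        # Reading it for another user's process needs root; skip on failure.
        ns=$(readlink "$dir/ns/net" 2>/dev/null) || continue
        [ -n "$ns" ] || continue
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\n' "$ns" "$pid" "$comm"
    done | sort -t "$TAB" -k1,1 -k2,2n | awk -F '\t' -v OFS='\t' '
        # Input is sorted by namespace, then pid: emit one row per namespace.
        $1 != cur { if (cur != "") print cur, n, pid, comm
                    cur = $1; n = 0; pid = $2; comm = $3 }
        { n++ }
        END { if (cur != "") print cur, n, pid, comm }'
}

# count_netns [PROC_ROOT]: number of distinct network namespaces in use.
count_netns() {
    list_netns "$1" | wc -l | tr -d ' '
}

# Run as root on the node to see every namespace, including pod namespaces.
list_netns
```

A PID from the third column can be handed to `nsenter -t <pid> -n ip addr` to run a command inside that namespace.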