The K8s Advanced Networking course by A Cloud Guru is fantastic, as one would expect from one of the leading Cloud education tools. It focuses on AWS EKS and has clear and concise explanations, with labs where appropriate to get some hands-on experience.
While I thoroughly enjoyed the course and the labs, I would have liked a bit more depth and discussion around the design decisions. The concepts are mostly explained at a high level, occasionally at a low level, but to truly understand EKS Networking, further exploration is required.
What will you learn?
The chapters are well-designed, focusing on: Container Networking, K8s Networking, Ingress & Egress Concepts (accessing the cluster Network), and AWS Networking & K8s. A lot of the course is not EKS specific, and the general concepts of K8s Networking are explained throughout. There are instances where EKS specifics are explained, for example when ENIs or ALBs are used.
If you are an experienced Network Engineer/Architect with a little K8s experience, I would skip the first chapter, “Introduction”. It’s short, so a recap doesn’t hurt, but it’s not required.
The idea of the next few sections is to cover key learnings from each of the chapters.
Container Networking
The chapter gives an overview of container Networking without K8s coming into the conversation. General container Networking concepts are discussed using Docker, which is then used in later chapters as the container orchestrator for K8s.
The section I most enjoyed was eBPF. I had some exposure to eBPF before taking this course, but it never fails to fascinate me how it helps in multiple areas of Networking. Running eBPF programs in the kernel rather than in user space can drastically increase performance and security. Truly amazing stuff!
K8s Networking
I was happy to see that K8s CNIs, and Cilium in particular, use VXLAN or Geneve to establish tunnels. This is a core concept in most data center fabrics these days, and especially good for me as a (former) VMware NSX SME, where VXLAN and Geneve are core components of the SDN offering.
One of the key learnings is around K8s DNS resolution, which is covered in this chapter and subsequently used throughout the other sections. I think it’s important to grasp the core concepts at this stage before moving on and understanding how it integrates with pods and services.
Accessing the Cluster Networks
If you are comfortable with Load Balancing concepts, this section shouldn’t be too difficult to pick up. I say not too difficult because the core concepts of Load Balancing or load sharing are used, but there are several flavors to understand.
- ClusterIP - An internal K8s IP address that lets Pods reach a service inside the cluster. It is not exposed to the Internet (unless a proxy is used).
- NodePort - Exposes a TCP/UDP port (30000–32767) on each Node (VM) in the cluster that forwards to a Pod on a different port (e.g. 8080).
- Headless - Load sharing achieved by returning multiple DNS records to the client.
- LoadBalancer - Standard Load Balancing theories apply here. An ALB would be used in AWS to expose the services running on K8s.
- Ingress - A Layer 7 Load Balancer that can route on sub-domains and URIs.
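As an added example (not part of the course or the original post), the five flavors above written out as manifests for one backend selected by `app: web`, with comments on the DNS name each one gets. The `demo` namespace, the service names, the ports, the `alb` ingress class, the `app.example.com` host and the default `cluster.local` cluster domain are all assumptions chosen for illustration.

```yaml
# Added example, not from the course or the article. Names, namespace,
# ports and the ingress class are assumptions for illustration.
apiVersion: v1
kind: Service
metadata:
  name: web-clusterip
  namespace: demo
spec:
  type: ClusterIP              # default type: a virtual IP reachable only inside the cluster
  selector:
    app: web
  ports:
    - port: 80                 # port other Pods connect to
      targetPort: 8080         # container port the traffic is forwarded to
# In-cluster DNS (assuming the default cluster domain):
#   web-clusterip.demo.svc.cluster.local -> the single ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
  namespace: demo
spec:
  type: NodePort               # also allocates a ClusterIP; adds a port on every node
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080          # must fall in the default 30000-32767 range
---
apiVersion: v1
kind: Service
metadata:
  name: web-headless
  namespace: demo
spec:
  clusterIP: None              # headless: no virtual IP is allocated
  selector:
    app: web
  ports:
    - port: 8080
# In-cluster DNS returns one A record per ready Pod instead of a single VIP,
# so the client (not kube-proxy) chooses which Pod to talk to:
#   web-headless.demo.svc.cluster.local -> 10.0.1.5, 10.0.2.9, ...
---
apiVersion: v1
kind: Service
metadata:
  name: web-lb
  namespace: demo
spec:
  type: LoadBalancer           # on EKS the cloud controller provisions an AWS load balancer
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  namespace: demo
spec:
  ingressClassName: alb        # assumes the AWS Load Balancer Controller is installed
  rules:
    - host: app.example.com    # Layer 7: route on host name ...
      http:
        paths:
          - path: /api         # ... and on URI path
            pathType: Prefix
            backend:
              service:
                name: web-nodeport   # the controller's default instance target mode needs a NodePort service
                port:
                  number: 80
```

Applying the file with `kubectl apply -f` against a cluster that has an `app: web` Deployment in the `demo` namespace creates all five objects; `kubectl get svc,ingress -n demo` then shows the ClusterIP, the allocated node port, `None` for the headless service and the external address once the cloud load balancer is ready.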
I really liked Sandeep Dinesh’s article on the connectivity types, not only because it explains each connectivity type, but because it gives you scenarios where each use case fits best. Warning: it is GCP/GKE specific.
All this ends with a quick review of Service Meshes, which I enjoyed.
AWS Networking & K8s
The final chapter is very AWS centric, looking at the VPC CNI, EKS, and ALB configuration within AWS. It’s a lovely way to review all of the concepts you learned through the course using AWS-specific services.