Member-only story
Demystifying Kubernetes Networking — Episode 1
In the episode 1 of demystifying Kubernetes networking, lets start from the foundation— The Linux network namespace
Kubernetes networking is an often misunderstood topic & the main reason contributing to this perception is lack of proper conceptual information which explains it from the grounds up & not just brushing on the surface.
This motivated me to make an attempt to explain this topic right from the fundamentals. Because of the vastness of this topic, I’m breaking it to multiple episodes where in each episode, I’ll make an attempt to explain a specific topic around this theme with an intention that someone finds this useful in one or the other way!
We will start our first episode on a topic which constitute the foundation of the Kubernetes networking — The Linux network namespace
Video edition of this article —
https://sanjimoh.medium.com/s1e01-kubernetes-networking-series-9d10840935f3
Linux namespace
It is one of the main Linux kernel technologies that got introduced around 2002 time frame. It was heavily influenced by Plan 9 from Bell labs & its value proposition was service isolation. In other words, on a Linux server where you are running many different services, isolating each service and its associated processes from other services brings huge benefits such as — smaller blast radius for changes, smaller footprint for security related concerns & many more..
The Linux kernel provides 6 types of namespaces:
- Process ID namespace (aka pid) — A process inside a pid namespace only sees processes in the same namespace. The first process created in a new namespace has PID 1 and child processes are assigned subsequent PIDs.
- Mount namespace (aka mnt) — With mnt namespace, it’s possible to attach a process to its own filesystem. It has an independent list of mount points seen by the processes in the namespace. This means that you can mount and unmount filesystems in a mount namespace without affecting the host filesystem.
- Unix time sharing namespace (aka uts) — It allows a single system to appear to have…
