Application architectures that leverage container-based workloads and microservices are quickly becoming the standard in enterprise production deployments. They contribute to faster and more efficient application lifecycles that can respond to the needs of the business.That said, enterprises looking to implement Kubernetes on the network have expressed concern about security, multi-tenancy, and operational complexity. Indeed, networking tends to be one of the most complex aspects of a Kubernetes deployment. To help you address the challenges before they arise, let's look at key networking considerations for Kubernetes.
Kubernetes networking 101
Kubernetes imposes some basic networking policies on its network implementations to allow for firewalling between pods within a cluster. All pods must have a routable IP address to allow universal connectivity by all other pods and hosts in the Kubernetes cluster. Kubernetes provides Container Network Interface (CNI) plug-ins to integrate the platform with the underlying network infrastructure and enable users to quickly access applications across the cloud ecosystem.
Once these fundamental requirements are met, the network stack can be implemented as routed, underlay or overlay.
Typical networking challenges
Operational complexity: Kubernetes is typically deployed across more than one infrastructure platform - public cloud, private cloud, or hybrid on-premises plus cloud. Each public cloud has its own networking and security policies, which complicates management and operational complexity and can make managing Kubernetes clusters across multiple clouds time-consuming and expensive.
Multi-tenancy: To ensure complete automation and agility, the container network must share the lifecycle of the applications deployed on Kubernetes, be scalable on demand, and support multi-tenancy. Multi-tenancy supports Kubernetes across many users, development teams, and production environments, while allowing test workloads to be isolated from production workloads.
Security: Kubernetes security is a critical component for networking deployments. However, ensuring strong network security controls for container-based workloads running in an overlay network is challenging, as these applications are not always accessible by traditional tools and container IPs can change frequently.
NSX-T simplifies container networking and offers developer-ready infrastructure
Deploying a Kubernetes network doesn't have to be difficult. As we covered in a previous blog post, VMware NSX-T integration is included in Pivotal Container Service (PKS) to address the complexity of implementing the Kubernetes network, so enterprises can capitalize on emerging app architectures faster.
NSX-T offers advanced pod-level networking functions and security features for Kubernetes clusters using the multi-tiered routing model. SDN provides on-demand network virtualization and micro-segmentation is used to isolate containers and control traffic flows securely between pods within host-specific firewall rules. This allows the control needed to sever connections if a compromised pod is detected in the network. NSX-T also automates container network connectivity, extending micro-segmentation to the WAN.
Because NSX-T is integrated with existing application development tools, workflows are quick and efficient. As developers deploy code, advanced networking and security services are automatically provisioned to support containers and microservices.
Kubernetes networking challenges solved
For enterprises ready to reap the benefits of Kubernetes on the network, PKS with VMware NSX-T simplifies deployment. Scaling your network with PKS delivers high availability, automated provisioning, micro-segmentation, load balancing, and security policy to your container environment. Learn more about how PKS brings enterprise-grade Kubernetes to VMware-based environments.