Hello everyone, I'm Gautam Verma, a junior software developer from Indore, India. Currently, I'm a software developer at ETH India Fellowship and a mentor at Google Summer of Code 2023 under the Liquid Galaxy organization, where I'm mentoring various students and helping them contribute to open source. Recently I've been working with various open source organizations and programs like Google Summer of Code 2022 and 2021, and I'm also a contributor at Summer of Bitcoin 2022. Apart from the development work and the coding ecosystems, I have been involved in technical content writing and documentation development at GeeksforGeeks. There I develop lots of content for students who want to learn the core concepts of programming languages and want to learn more about the technical stuff. There I've designed a lot of technical content for students and helped about 10,000 students to understand the core concepts of programming languages and networking. Currently, I'm pursuing a master's from Devi Ahilya University, and I'm in the final year; I'm going to graduate in April 2024. I'm also seeking a full-time job in cloud infrastructure, at the junior level or a back-end level. Because of my working experience in various fields, I have the ability to adapt myself to any field at the initial level. So I'm looking for a job. If you have any openings, please get in touch with me by email. I have put the QR code at the bottom of my presentation slides, so you can find it, and please reach out to me if you have any openings in your companies, and if you are hiring for any role which is related to software development and documentation. So today we are here to discuss the various options that are available for networking in Kubernetes. For this, I have designed a particular agenda for discussing Kubernetes and networking.
Why networking and the importance of networking, like why we are doing networking inside of Kubernetes, and the various options that are available for networking in Kubernetes. Those are our major points of discussion: what options are actually available for networking and how to select the best option for networking. The thing is, there are various tools and systems available for networking, but we are not going to use all of them for our project, right? So our main task is to identify which system or protocol is best for our project, and according to that we will select our networking tools for our Kubernetes environment. So I will try to figure out some parameters that can help you to select the best networking option for a Kubernetes environment. So let's move ahead. Before understanding networking in Kubernetes, it is good to have a brief intro about what Kubernetes actually is and what networking is, because this is a session for the beginner and intermediate level. So here is a basic definition of Kubernetes for the beginners: Kubernetes is also known as K8s. It is commonly abbreviated as K8s, and it is an open source container orchestration platform that basically automates the deployment, scaling and management of containerized applications. Kubernetes was actually developed by Google and now it is maintained by the Cloud Native Foundation, which is also known as CNCF. In simple terms, Kubernetes allows you to manage and automate the deployment and scaling of your applications across clusters of computers. By doing this, it becomes more useful for a developer and for the whole entire team to control and manage their development and deployment process. If we do all these things in a standalone environment, it becomes hard work to manage all the things together and to take care of all the things in different units.
So as I said, it helps us to deploy and manage containerized applications, and it basically provides an abstraction layer that allows you to define your applications and their dependencies in a declarative way, so that we don't have any undeclared or ambiguous things inside of our environment. This actually makes it easy to deploy and manage the applications across multiple environments. One of the other features of Kubernetes is scaling applications: it automatically scales your applications based on demand, and you don't need to worry about manually scaling up or down with traffic. It can perform all of that automatically. Along with this, it provides monitoring features: there is a wide variety of tools that provide you the logs, metrics and health checks. With the help of these components, we can easily monitor our nodes and figure out if any problem exists in our features or in our systems. By using these tools, we can also protect our applications from any unwanted security breaches and any unwanted issues, or any minor bug that can cause a huge problem. Apart from this, the main thing that Kubernetes provides is actually updates. Kubernetes has a great community, and they are building features day by day and increasing the reliability of the Kubernetes environment rapidly. So this is the best way to deploy or manage your applications in a containerized manner. That's all about Kubernetes. Let's move further to networking with K8s, which is basically networking with Kubernetes. In Kubernetes, networking can be said to be the fundamental concept that enables the communication between different components of distributed applications that are actually running on the Kubernetes clusters.
By this, it provides a powerful networking model that allows containers and services to communicate with each other across multiple nodes in the cluster. A cluster is nothing but a group of virtual machines or a group of computers that are working together, sharing some information and running the application. So it is a crucial component for managing containerized applications, which allows them to communicate with each other, as I said, and with external networks. Whenever we need to communicate with external networks, we need to have some networking so that we can find a path or route to share the data or communicate with each other. There are some basic concepts in Kubernetes, like pods, services, labels and selectors, and support for network plugins. So it is good if we have a basic understanding of the components, like what a cluster is. As I said, a cluster in Kubernetes is a set of nodes, which usually refers to physical or virtual machines that work together to run containerized applications. A cluster typically includes the control plane, which manages the overall state of the cluster, and one or more worker nodes, which run the containerized applications. Another component of the networking is a container. A container can be said to be a lightweight, portable unit of software that includes everything that is needed to run an application, including code, dependencies, components and the running environment. The unique thing about the container is that it provides a consistent runtime environment that can be easily moved between different systems and platforms. This is the most unique thing I like about the container: it is portable and can be easily moved between different systems and platforms.
The third component is known as the pod. As I said, a pod is the smallest deployable unit in Kubernetes, and it is represented as a single instance of a container. Pods are usually used to group one or more containers together and provide a shared network and storage environment among them. Then we see CNI. CNI stands for the Container Network Interface, which is a standard for configuring network interfaces for Linux containers. The CNI plugins are used to provide networking capabilities for containers in Kubernetes, such as isolation, load balancing and service discovery. Load balancing is somewhat like dividing the load across multiple nodes so that the workload doesn't become hard or overload a single node. The workload is divided across several nodes so that they can divide their work and perform very well in their services. The last component is known as the Ingress, which provides a way to expose HTTP and HTTPS routes from outside the cluster to services within the cluster. Basically it provides the routes from outside the cluster to services within the cluster. An Ingress can be used to configure a load balancer or a reverse proxy that routes traffic to the appropriate service based on the requested URL. These are all the major components that are required while we do networking with Kubernetes, and that's all about networking with Kubernetes. Now you might be thinking about why we need networking and what the importance of networking in Kubernetes actually is. The thing is, networking is a critical aspect of building and deploying containerized applications in Kubernetes, and there are some reasons why networking is important in Kubernetes.
Firstly, it provides the communication between containers, because without containers there is no means of communication and no sharing of data between the containers and the cluster that is actually deployed across multiple nodes. They need to communicate with each other in order to provide a concept application, and networking provides a way for containers to communicate with each other even if they are running on different nodes. So networking is essential for having communication between the nodes and containers, and if we use networking, it provides support for load balancing. As we all know, load balancing plays an important role while we are running applications, or while we are running a big application on our systems. Kubernetes services can be used to distribute network traffic across a set of pods performing the same function, and this provides a load balancing capability that can help to ensure that applications are responsive and available for a user to use. So that's the whole reason why networking is so important in Kubernetes. Here the main part of our presentation starts, and hopefully you are enjoying my presentation. In this presentation we will discuss the four options that are available for networking in K8s, that is, Cilium, Calico, Flannel and Weave. All four are open source and managed by different organizations. Cilium is actually a project of cloud native, but the other three belong to different open source organizations. So it is good if we talk one by one about what Cilium actually is, the use cases of Cilium, the features of Cilium and the architectures of all these options, and at the end we will discuss how to select the networking option. So let's see them one by one.
So Cilium is basically, as I said, an open source project that provides networking and security for containerized applications that are running inside of Kubernetes clusters. It is basically designed to provide high-performance, scalable and secure networking for microservices-based applications. Nowadays, if we have applications that are microservices-based, it is good to use Cilium for the networking, because at the high level Cilium extends the Kubernetes API with network and security policies, and it also uses eBPF, which is extended Berkeley packet filtering. This basically provides fast and efficient packet filtering and forwarding, which is actually a need in today's world: to do packet filtering in an efficient manner and also provide the forwarding mechanism. This also allows Cilium to provide advanced networking features like service discovery, load balancing and network segmentation. The thing is, Cilium provides more than enough advanced features to handle our applications and to provide the basic or advanced networking that is actually required for running a big or heavyweight application that includes a lot of microservices. Apart from security features like micro-segmentation, it also has encryption, and hopefully you are aware of distributed denial of service. Cilium has protection policies against DoS, and it protects our applications from such types of attacks.
As you can see, it provides the features of service load balancing and a scalable Kubernetes CNI, which means that we can scale the applications up and down without having any major problem or any complexity in scaling the Kubernetes CNI up or down. It also provides the feature of multi-cluster connectivity, which means that if we want to connect our cluster with another cluster, we can easily do that with the help of Cilium. The thing which excites me the most about Cilium is that it provides more than enough information for a developer who wants to work with it, and they have really detailed information about each and every feature they provide. If a user wants to set up multi-cluster connectivity in the system, they have separate documentation for this, and inside of it they have more than enough information about how you can set up connectivity with multiple clusters. It also includes all the exceptions that may occur during connectivity, and you will find more than enough information about the working of the environment.
I would like to share some key features that Cilium includes. There is layer 7 visibility inside of Cilium, so it provides visibility into application-level traffic, including the ability to view and analyze API calls, RPCs and database queries. This is also a unique feature of Cilium: basically it provides transparency for a developer to see what is actually going on behind the process and what things like API calls, RPCs and database queries actually look like. As I said, it provides distributed denial-of-service protection, and it protects the system from these attacks by rate limiting, IP blocking and packet filtering techniques. It uses these techniques to protect applications from DDoS attacks. Since the system provides communication and networking across the cluster, it is important to provide secure communication. Cilium supports encrypted communication between services using TLS, and it also enforces mutual TLS authentication between services across the clusters. This is all about the features and basic concepts of Cilium. Now let's see what the architecture of Cilium looks like. As you can see, the architecture of Cilium basically consists of major components like network policy, services and load balancing, flow and policy logging, and the metrics to monitor the node with the help of Prometheus and Grafana. This architecture works in a flow: a user interacts with the Kubernetes API server to deploy applications or to modify the network security policies for the application, then the Kubernetes API server communicates the changes to the Cilium network policy engine, then the Cilium network policy engine processes the changes and generates a set of network and security
policies. After doing this, the Cilium agent programs eBPF to enforce the policies for all incoming and outgoing traffic to the containers running on a node. As traffic flows between the containers in the cluster, eBPF filters and forwards the packets according to the policies. If a packet is blocked by eBPF, the Cilium client logs the event and can optionally send an alert to an external system like a SIEM or a logging solution, which is provided by Grafana and Prometheus. So this is all about the architecture of Cilium. Another option for the networking is Calico, which is developed by Tigera. It is also an open source networking option and provides a security solution for containerized applications and cloud native environments. It provides a highly scalable, flexible network fabric that connects the containerized applications running on multiple nodes and clusters. This architecture is basically based on a distributed control plane where each node runs an agent that communicates with other agents to distribute the network policies and routing information. The major features of this tool are interoperability, network policies and optimized performance. When we talk about the network policies inside of Calico, it provides full Kubernetes network policy support and works with the original reference implementation of Kubernetes network policies, which means that this tool is actually more aligned with the network policies which were originally implemented, or originally adopted, by Kubernetes. One more thing about this: it also supports WireGuard encryption, so it can be said to be an extended version that provides strong network policies and high network security in the communications. It also provides interoperability, which means that it will be
able to work with non-Kubernetes workloads also. So it means that it is more compatible compared to the other tools. Here the architecture shows that we have two nodes, node one and node two, which are connected by the control plane nodes. Inside of node one we have Calico, and inside of node two we also have Calico, and they are enforcing the policy with each other. So that is the basic working of Calico; this diagram states more than I can explain about Calico. The next option is Flannel. Flannel is also a network fabric that provides the communication between containerized applications. Its overlay network is implemented using a variety of back-end options, including VXLAN, which is virtual extended LAN, and the UDP protocol, which can be said to be the connectionless protocol, user datagram packets. It is actually the ideal choice for a medium-sized Kubernetes cluster or a medium-sized project without the complexity of advanced features. Suppose we are working on a project which does not require any advanced networking; then Flannel is a good choice to use. There are some components of Flannel, like flanneld, etcd and the encapsulation method.
flanneld is nothing but the main daemon that manages the Flannel network on each node in the Kubernetes cluster. As you can see in this diagram, there is a flanneld which represents the complete node, and here we also have a flanneld which represents this node. etcd is basically a distributed key-value store which is used by Flannel to store and retrieve the network configuration information, like what the IP address of a system is and the configuration which usually comes with networking. The third component is the encapsulation method. This method is basically used for routing IP packets between the nodes, and it includes UDP, VXLAN and host-gw. So we can say that these are the major components of Flannel, and this option is basically a great choice for medium to small size projects which do not involve any advanced networking. If we want to work with some basic components, we can use Flannel. Although Flannel has the capability to handle high and large projects, it is good for small and medium-sized projects, or it can be said to be ideal for a small or medium-sized project. As we can see, there are clusters which have flanneld, and they are communicating via VXLAN tunneling, that is, virtual extendable LAN. The last option for this presentation is Weave Net. It also helps to perform communication between clusters in Kubernetes. It basically creates a virtual network that connects Docker containers across multiple hosts and provides DNS, IPAM, a distributed virtual firewall and other subsystems, and it is actually a system that is more attached to Docker containers.
It also automates recovery and enhances the security of the communications. It basically provides three major features, which according to me are the three major features needed in the working environment: multicast networking, the encapsulation method, and resilience and scaling. Resilience and scaling is the concept which is provided by Weave Net to give a resilient and adaptable container network that simplifies the connectivity and security for a distributed application across diverse environments. Resilience is important while we are doing networking, because while doing networking it is OK to share communications or share information between the nodes, but along with the sharing and communication it is also important to provide great security during the communication. Otherwise it makes no sense in today's world. So it is important to have resilience and scaling inside of the network option. Apart from this, it provides multicast networking also. It uses multicast DNS and IGMP to efficiently perform multicasting inside of the network. The other thing is that it provides an encapsulation method also, which is VXLAN; with the help of the VXLAN encapsulation method it creates an overlay network for connecting the containers with each other. So this is all about Weave Net. Now let's talk about the final opinion and the final point of the presentation: which one is the best option and how to select the networking option. The thing is, all of them are working very well in their own manner.
The thing is what you actually need and what your project needs to have. Each of them has great security, each of them provides high reliability, each of them has its own working environment, each of them has great community support, each of them has its own pattern of working, and each of them is unique among the networking options. So basically, you need to select according to the desire of the project and according to the requirements of the project. When we talk about the architecture, Calico uses a BGP-based distributed control plane, while Cilium uses an eBPF-based hybrid data plane, Flannel uses overlays and uses VXLAN, and Weave overlays use proprietary protocols. So each of them uses different protocols for working, and it is your choice which architecture you want to use inside of your project. When we talk about scalability, Calico is highly scalable and supports large clusters with high node densities, and Cilium is also highly scalable and supports large clusters and high node density. But when we talk about Flannel, we have limited scalability for a large cluster; as we discussed, it is an ideal choice for projects from small to medium. Weave is also highly scalable and supports large clusters and high node density. When we talk about security, Calico supports network security policies, encryption and workload identity, while Cilium has support for zero-trust networking and supports eBPF-based policy enforcement. Cilium basically provides more security compared to the other networking options.
If we talk about Flannel with respect to security, it has the basic security features, which provide support for network isolation and encryption of the communications. Weave provides security features like workload identity and also has network policies and encryption. So you need to define the policies for this and use them according to your position, requirements and needs. We have some other parameters also, like performance, ease of use and integration, and community support. When we talk about performance, Cilium, Calico and Weave have high performance because of their architectures and their encapsulation and packet processing methods and micro processing service. Flannel also has good performance if we use it in a medium or small project, but if we use Flannel in a large project it might create a big problem, or not actually a problem, but it may affect the performance if we use it for something heavyweight, right? On ease of use and integration, Calico provides good integration with Kubernetes and the cloud providers, and it is also easy in deployment and configuration. Cilium provides good integration with Kubernetes, Istio and other tools, and it is also easy to deploy and configure.
Weave is also similar to Calico and Cilium, and Flannel is also lightweight and simple and also easy to deploy. There is no hard problem caused while using or integrating these tools, because all of them have great documentation and community support. Things are kept updated, and if there is any bug or any issue they are removing it; they are continuously developing and removing the issues from the code base and providing the best solution for the users who are using these networking tools inside of Kubernetes. So on the best choice overall, I will say that it all depends on you which tool you want to use, because in my personal opinion all of them are really good, since all of them have great and unique functionality. It all depends on the requirements of the project, right? By using these parameters, like performance, scalability, security and architecture, we can easily select the best option for our project and use it inside of our Kubernetes network.
If you have any questions, you can reach out to me via email; here I have attached a QR code to my email. That's all about my presentation. I hope you liked my presentation about the various options that are available inside of Kubernetes and Kubernetes networking. This time I had to give the presentation virtually because of some issue in my visa process, and hopefully I will be able to deliver the presentation in person at the coming event in North America, which is the cloud native in North America 2023. Probably that event is going to be in November, if I'm not wrong. Yeah, that is in November. I hope to see you guys there. At the last, I want to say that as I'm a student studying in the final year, I'm seeking a job. If you have any job, please reach out to me. I would love to connect with you and discuss the role if there is any available. Thank you so