Kubernetes Networking Syllabus

 COMPREHENSIVE KUBERNETES NETWORKING SYLLABUS

MODULE 1: Kubernetes Networking Fundamentals

1.1 Container Networking Basics

  • Linux network namespaces

  • veth pairs

  • Linux bridges

  • iptables fundamentals

  • IP routing basics

  • Overlay vs Underlay networking

1.2 Kubernetes Networking Design Principles

  • Every Pod gets an IP

  • Pod-to-Pod communication without NAT

  • Node-to-Pod communication

  • Container-to-Container within Pod

  • Cluster networking architecture

1.3 Kubernetes Networking Architecture Components

  • kube-apiserver

  • kube-controller-manager

  • kube-scheduler

  • kubelet

  • kube-proxy

  • CNI plugin role

MODULE 2: Pod Networking Deep Dive

2.1 Pod Network Lifecycle

  • Pod creation workflow

  • CNI ADD/DEL commands

  • IP allocation

  • Route configuration

2.2 Pod-to-Pod Communication

  • Same node communication

  • Cross-node communication

  • Encapsulation techniques (VXLAN, IP-in-IP)

2.3 Pod CIDR & Node CIDR

  • Cluster CIDR allocation

  • Node CIDR assignment

  • Dual-stack (IPv4/IPv6) 

Hands-On Labs

  • Inspect network namespaces

  • Trace Pod IP assignment

  • Capture traffic using tcpdump

MODULE 3: Container Network Interface (CNI)

3.1 CNI Architecture

  • CNI specification

  • CNI configuration files

  • CNI binaries

  • CNI chaining

3.2 Popular CNI Plugins

  • Calico

    • BGP mode

    • IP-in-IP mode

    • Network policy enforcement

  • Flannel

    • VXLAN backend

    • Host-gw mode

  • Cilium

    • eBPF-based networking

    • L7 policies

  • Weave Net

    • Mesh overlay networking

3.3 Installing & Switching CNI Plugins

  • Production considerations

  • Migration strategies

Hands-On Labs

  • Install Calico

  • Switch to Cilium

  • Observe traffic flow differences

MODULE 4: Services & Traffic Routing

4.1 Service Types

  • ClusterIP

  • NodePort

  • LoadBalancer

  • ExternalName

4.2 kube-proxy Internals

  • iptables mode

  • IPVS mode

  • nftables (modern systems)

4.3 Service Discovery

  • Endpoint objects

  • EndpointSlices

  • Headless services

4.4 Session Affinity & Load Balancing Algorithms

Hands-On Labs

  • Create services of each type

  • Inspect iptables rules

  • Compare IPVS vs iptables performance


MODULE 5: DNS in Kubernetes

5.1 Cluster DNS Architecture

  • DNS service inside cluster

  • Pod DNS configuration

5.2 CoreDNS Deep Dive

  • CoreDNS plugins

  • Forwarding

  • Caching

  • Custom domains

5.3 DNS Troubleshooting

  • DNS resolution flow

  • Debugging techniques

Hands-On Labs

  • Modify CoreDNS config

  • Simulate DNS failures


MODULE 6: Ingress & Traffic Management

6.1 Ingress Fundamentals

  • Ingress resource

  • Path-based routing

  • Host-based routing

6.2 Ingress Controllers

  • NGINX Ingress

  • HAProxy Ingress

  • Traefik

6.3 TLS & HTTPS

  • TLS termination

  • Certificates

  • Cert-manager integration

6.4 Gateway API (Next-Gen Ingress)

Hands-On Labs

  • Deploy NGINX Ingress

  • Configure TLS

  • Multi-service routing


MODULE 7: Network Policies & Security

7.1 Network Policy Fundamentals

  • Pod selectors

  • Namespace selectors

  • IP blocks

7.2 Ingress vs Egress Rules

  • Default deny strategy

  • Zero-trust networking

7.3 Policy Enforcement (CNI-based)

  • Calico policies

  • Cilium L7 policies

7.4 Advanced Security

  • mTLS basics

  • Network segmentation

  • DDoS considerations

Hands-On Labs

  • Create deny-all policy

  • Allow selective communication

  • Simulate attack scenario


MODULE 8: Advanced & Enterprise Networking

8.1 Service Mesh

  • Istio

  • Linkerd

Topics:

  • Sidecar proxy model

  • Traffic shaping

  • Circuit breaking

  • Observability

8.2 eBPF & High-Performance Networking

  • eBPF basics

  • Kernel packet processing

  • Replacing kube-proxy

8.3 Multi-Cluster Networking

  • Federation

  • Cross-cluster services

  • Global load balancing

8.4 Cloud Provider Networking

  • AWS EKS networking

  • Azure AKS networking

  • GCP GKE networking

  • Load balancer integration

MODULE 9: Observability & Troubleshooting

9.1 Network Debugging Tools

  • kubectl debug

  • tcpdump

  • Wireshark

  • netcat

  • ss

  • ip route


9.2 Monitoring Networking

  • Prometheus metrics

  • Grafana dashboards

  • Flow logs


9.3 Common Issues

  • DNS failures

  • Service not reachable

  • CNI crash loops

  • MTU mismatches

9.4 Systematic Troubleshooting Framework

MODULE 10: Performance & Optimization

  • Throughput benchmarking

  • Latency measurement

  • MTU optimization

  • IP fragmentation

  • Connection tracking limits

  • Kernel tuning (sysctl)

 

MODULE 11: Kubernetes Networking for Certifications

For CKA:

  • Services

  • Ingress

  • Network policies

  • Troubleshooting

For CKS:

  • Advanced network security

  • Policy enforcement

  • Hardening


MODULE 12: Capstone Projects

  1. Build a secure 3-tier application

  2. Implement zero-trust networking

  3. Replace kube-proxy with eBPF CNI

  4. Configure multi-cluster communication

  5. Perform live network debugging exercise


🎯 Final Learning Outcomes

After completing this syllabus, learners will:

✔ Understand Kubernetes networking from kernel level to service mesh
✔ Install and configure multiple CNI plugins
✔ Implement production-grade network security
✔ Debug complex cross-node traffic issues
✔ Design scalable, secure cluster networking architectures

