Welcome to the Linux Foundation Forum!

Lab 3.4 - Clarification on services, endpoints, and Calico

Hey everyone, I'm looking for a bit of help understanding the following text from Lab 3.4.

Verify the service configuration. First look at the service, then the endpoint information. Note the ClusterIP is not the current endpoint. Calico provides the ClusterIP. The Endpoint is provided by kubelet and kube-proxy. Take note of the current endpoint IP. In the example below it is 192.168.1.5:80. We will use this information in a few steps.

Recall from previous labs that we install Calico and don't modify the default IP range, which seems to be:

            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"

Inspecting a pod seems to confirm that the correct IP range is being used for the pod subnet:

$ kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP               NODE     NOMINATED NODE   READINESS GATES
nginx-7f456874f4-cx7wb   1/1     Running   0          16m   192.168.171.69   worker   <none>           <none>

Now, consider the service and endpoint resources:

$ kubectl get svc nginx
NAME    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
nginx   ClusterIP   10.111.161.113   <none>        80/TCP    113s
$ kubectl get ep nginx
NAME    ENDPOINTS           AGE
nginx   192.168.171.69:80   119s

Notice that the ClusterIP does not seem to come from the Calico IP range however the endpoint IP range does. Also, I'm not seeing any reference to a 10. range in the Calico configuration.

What am I missing about how this works? Did I do something incorrectly? My results seem to contradict the lab text. Thanks in advance for reading and any insight you can provide.

Best Answer

  • chrispokorni
    chrispokorni Posts: 2,376
    Answer ✓

    Hi @josedelarosa,

    The Pod's IP address comes from the Calico network plugin, from the default 192.168.0.0/16 range.
    The Service's ClusterIP is managed by the Kubernetes control plane from the default 10.96.0.0/12 network. Once a Service exposes a Pod, the Pod's IP address becomes part of the Service Endpoint, the reason why the Pod's IP and the Endpoint IP are the same.

    Regards,
    -Chris

Answers

Categories

Upcoming Training