Chapter 3: Working with Networking, Load Balancers, and Ingress
Communication is governed between pods, not containers. Pod communication to service is provided by the services object. K8s doesn't use NAT to communicate between containers.
Network address translation
CNI plugins that use the overlay network, or the kubenet plugin, which uses the bridge and host-local features.
Canal, Calico, Flannel, and Kube-router.
Pods.
Userspace, iptables, and ipvs.
Virtual IPs, service proxies, and multi-port.
The spec.
GCE, nginx, Kong, Traefik, and HAProxy.
Use namespaces, RBAC, container permissions, ingress rules, and clear network policing.