Before we go digging into Kubernetes networking, let's study the networking of Docker to understand the basic concept. Each container will have a network namespace with its own routing table and routing policy. By default, the network bridge docker0 connects the physical network interface and virtual network interfaces of containers, and the virtual network interface is the bidirectional cable for the container network namespace and the host one. As a result, there is a pair of virtual network interfaces for a single container: the Ethernet interface (eth0) on the container and the virtual Ethernet interface (veth-) on the host.
The network structure can be expressed as in the following image:
Container network interfaces on host
What is a network namespace?
A network namespace is the technique provided by Linux kernel. With this feature, the operating system can fulfill network virtualization by separating the network capability into independent resources. Each network namespace has its own iptable setup and network devices.
A network namespace is the technique provided by Linux kernel. With this feature, the operating system can fulfill network virtualization by separating the network capability into independent resources. Each network namespace has its own iptable setup and network devices.