- a VPN (virtual private network) that is an entirely isolated environment
- subnets that are divided into public and private IP spaces by using non-overlapping CIDR blocks
- an internet gateway that allows access to the outside world and performs the NAT
- Route tables that permit traffic flows by typically bringing together subnets and security groups.
- a load balancer that allows incoming traffic from the internet. This differs from the load balancer as it's more the receptionist directing people rather than the security guard on the front door.
- the computers/VMs on which Kubernetes runs, called nodes.
The terminology may slightly differ but this is true for all the main cloud providers
Azure
Now, bearing in mind that this is the general concept for all cloud/K8s clusters, the recipe in Azure is:
- Create the Resource Group
- Create an identity for this group.
- Create a network for this group and identity.
Now, when it comes to the network, the steps are:
- Create the Virtual Network compatible with the resource group
- Create the subnet for the Virtual Network
- Create a Network Security Group for the resource group. This defines the inbound and outbound rules. Funnily enough, the rules in the NSG are of higher priority the lower the number.
- We associate the subnet with the Network Security Group
- We assign a role to the subnet.
Now we can set up the Kubernetes cluster if we:
- Assign the subnet to a K8s Node Pool
- Create a network profile
This last one is interesting. It's the "the reference to the network interface card" [Azure for Architects, Packt]. The network car is the actual physical hardware the packets must use but generally they're only referenced in Azure (and GCP) as virtual network interface cards (vNIC). In AWS, they're called ENIs.
No comments:
Post a Comment