kubeskoop-deal-with-the-complexity-of-network-issues-and-monitoring-with-ebpf-kubeskoopdaepzhi-ebpflia-jie-zhang-xie-lin-relai-zha-yutong-li-alibaba-cloud-bingshen-wang-alibabacloud.pdf

《kubeskoop-deal-with-the-complexity-of-network-issues-and-monitoring-with-ebpf-kubeskoopdaepzhi-ebpflia-jie-zhang-xie-lin-relai-zha-yutong-li-alibaba-cloud-bingshen-wang-alibabacloud.pdf》由会员分享，可在线阅读，更多相关《kubeskoop-deal-with-the-complexity-of-network-issues-and-monitoring-with-ebpf-kubeskoopdaepzhi-ebpflia-jie-zhang-xie-lin-relai-zha-yutong-li-alibaba-cloud-bingshen-wang-alibabacloud.pdf（27页珍藏版）》请在三个皮匠报告上搜索。

1、KubeSkoop-Deal with the Complexity of Network Issues and Monitoring with eBPFYutong Li,Alibaba Cloud Bingshen Wang,Alibaba CloudAgendaThe complexity of Kubernetes NetworkingIntroduction to KubeSkoopKubeSkoop Network Diagnosis based on eBPFAlibaba Cloud Kubernetes Service(ACK)Clusterstens ofthousands

2、Nodesin single cluster10k+Regions30+The Complexity of Kubernetes Networkingin Conceptsin ImplementationsConcepts in KubernetesThe network concepts of Kubernetes lead to the complexity of networking configuration:Ingress/Service/NetworkPolicy LabelSelector selects unexpected pods.Overlapping of multi

3、ple NetworkPolicy rules.NATed service ports do not match the real pod ports.ServiceMesh More complicated Layer 7 network strategiesThird-party Networking/Ingress Plugins Provide custom networking extensions.Kubernetes服务发现-ServicePodSVCPodPodPodspec:clusterIP:192.168.14.75ports:-port:80protocol:TCPta

4、rgetPort:80selector:app:nginxmetadata:labels:app:nginxKubernetes网络策略-NetworkPolicyPod数据库Pod前端Pod后端spec:podSelector:matchLabels:tier:backendingress:-from:-podSelector:matchLabels:tier:frontendspec:podSelector:matchLabels:tier:dbingress:-from:-podSelector:matchLabels:tier:backendService DiscoveryNetwo

5、rkPolicyFrontendBackendDBImplementation of Container NetworkingComplexity of data-plane：ServiceMesh/KubeProxy/CNICNI Implementations(Overlay/Underlay)Complexity of the network stackLong data path,including NIC drivers/netfilter/route/bridge etc.Complicated networking configurationComplexity of under

6、lay network：Different configurations per cloud providerSecurity groups,route tables,etc.NodeKubeletCNIPodPodCNI NetworkIaaS NetworkNodeKubeletCNIPodPodCNI NetworkTraditional Network Troubleshooting1 Long Issue Diagnosis Process:Capture packets-Compare and analyze-Check configurations at packet loss