Sacha Thommet

Kubernetes homelab - Learning by doing, Part 3: Networking

In this part of the Kubernetes homelab, we’ll dive into the networking setup.

Network configuration

My networking implementation is straightforward. All of the cluster nodes, along with the router with a built-in firewall, are on a single /24 private network. This is a standard home setup.

I set up my router's DHCP to assign static IPs to servers 1 and 2 by mapping them to their respective MAC addresses.

  • server1: 192.168.1.11
  • server2: 192.168.1.10
  • router: 192.168.1.254

Kubernetes internal networking

To expose your applications, you'll need an Ingress Controller. This runs on every node in the cluster and listens on ports 80 and 443 (HTTP and HTTPS). I chose the NGINX Ingress Controller, which is easy to install on MicroK8s:

microk8s enable ingress

Then, I configured the router to forward incoming requests on ports 80 and 443 to any one of the nodes, in my case server2.
All other ports are blocked by the router’s firewall, ensuring that only necessary traffic reaches the servers.

server2 will handle all ingress traffic, and use the Calico network plugin to route the requests to the pods on the corresponding nodes.

I chose Calico for its support for NetworkPolicies, but Kubernetes allows you to use other Container Network Interface (CNI) plugins that may better suit your setup.

Note:
This means that if server2 is unavailable for some reason, the cluster will not respond to any incoming requests. It is a single point of failure.
One solution would be to use an IP failover mechanism like keepalived.

Finally, I also installed Cert Manager, to handle SSL certificate requests for my HTTPS routes and automatically manage renewals.

Installing it is as simple as:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/<version>/cert-manager.yaml

With this setup, I simply create an Ingress, then the NGINX Ingress Controller along with Cert Manager take care of the rest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: portfolio-ingress
  namespace: portfolio
spec:
  ingressClassName: nginx
  rules:
    - host: mydomain
      http:
        paths:
          - backend:
              service:
                name: portfolio
                port:
                  number: 3000
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - mydomain
      secretName: certificate-prod-portfolio
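
Since Calico was picked for its NetworkPolicy support, here is one way to use it for the portfolio Ingress above, as an added example that is not part of the original post. It assumes the application pods carry the label app: portfolio, that the MicroK8s ingress addon runs in a namespace named ingress, and that the letsencrypt-prod issuer validates with HTTP-01; without the third policy, the default deny would also block cert-manager's temporary solver pods and certificate issuance would fail.

```yaml
# Added example. Assumed, not from the post: the app: portfolio pod label,
# the "ingress" namespace of the MicroK8s addon, an HTTP-01 based issuer.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: portfolio
spec:
  podSelector: {}            # selects every pod in the namespace
  policyTypes:
    - Ingress                # no rules listed, so all inbound traffic is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-controller-to-portfolio
  namespace: portfolio
spec:
  podSelector:
    matchLabels:
      app: portfolio         # assumed label on the portfolio pods
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress   # assumed addon namespace
      ports:
        - protocol: TCP
          port: 3000         # service port used by the Ingress above
---
# cert-manager runs its HTTP-01 solver pods in the Ingress's own namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-acme-http01-solver
  namespace: portfolio
spec:
  podSelector:
    matchLabels:
      acme.cert-manager.io/http01-solver: "true"
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress
      ports:
        - protocol: TCP
          port: 8089         # default listen port of the solver pod
```

Before applying, confirm the namespace label with kubectl get ns ingress --show-labels and adjust the selectors if your cluster differs.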