A Hands-on Kubernetes Network Troubleshooting Journey

<p>While developing the Kata/remote-hypervisor (aka peer-pods) approach, I encountered an issue where the Kubernetes pod IP was unreachable from the worker node. In this blog, I describe the Kubernetes network troubleshooting journey, believing it&rsquo;ll be helpful to my readers.</p>
<blockquote> <p>The Kata remote hypervisor (peer-pods) approach enables the creation of Kata VMs in any infrastructure environment by utilising the environment&rsquo;s native infrastructure management APIs, such as AWS or Microsoft Azure APIs, when creating Kata VMs on AWS or Azure, respectively. The&nbsp;<a href="https://github.com/confidential-containers/cloud-api-adaptor" rel="noopener ugc nofollow" target="_blank">cloud-api-adaptor</a>&nbsp;sub-project of the CNCF&nbsp;<a href="https://github.com/confidential-containers" rel="noopener ugc nofollow" target="_blank">confidential containers</a>&nbsp;project implements the Kata remote hypervisor.</p> </blockquote>
<p>As shown in the diagram below, in the peer-pods approach, the pod (Kata) VM runs external to the Kubernetes (K8s) worker node, and the pod IP is reachable from the worker node using a VXLAN tunnel. Using a tunnel ensures that the pod networking continues to work as-is without any changes to the CNI networking.</p>