See also:

* Learning Containers: https://iximiuz.com/en/posts/container-learning-path/

* Computer Networking Fundamentals: https://iximiuz.com/en/posts/computer-networking-101/

Kubernetes pod networking really depends on the networking plugin and cloud platform. For example on AWS VPC-CNI, pods are directly attached to a network interface (on the VPC level) and directly get an IP from that — no NAT. These network interfaces don't show up on the host OS.

Yeah; this article seems like a pretty nice overview of how Linux network namespaces work, but my frustrations usually aren't at that level. I usually know what I want in those terms, but it seems like the container runtimes/frameworks often refuse to do it for obscure reasons, or it requires knowledge of undocumented implications.

Well, more or less. The pod IPs are assigned to the host ENIs and not to pods directly. The VPC CNI manages the virtual Ethernet devices in the host and pod network namespaces and sets up routes on the host such that inbound traffic using a pod IP will get routed to the correct virtual Ethernet device for the corresponding pod.

This reminded me of the syndrome of descriptions of software that assume knowledge of the last system. eg "well-known Linux facilities." Pretty sure the number of people who know what network namespaces are is smaller than those fuzzily familiar with container networking.

Great explanation but went right away with NAT, port forwarding and no mention of proper routing setup and no mention of IPv6.

Does anyone know if Kubernetes implements it's own networking or does it use container networking?

K8s defines an interface with requirements (such as every pod must be directly addressable by ip from every other pod) and you bring your own networking implementation. It's never just the standard container networking though as it needs to span horizontally.

Kubernetes does not use the traditional Docker networking model, but rather implements its own networking model. The Kubernetes networking model ensures that every pod gets its own IP address and allows pods to communicate with each other without NAT (Network Address Translation).

So there used to be something called "kubenet" which was built-in implementation that worked similar to what this article described, nowadays all networking is out-of-tree and handled by external networking plugins via the CNI[0].

[0] - https://cni.dev

Previous submission (with 67 comments): https://news.ycombinator.com/item?id=25834444

Really like this guy's writeups. Strikes a good balance between shallow beginner material and the implementation details of the source code.

There's a very nice book The Box by Leninson about Shopping Containers, their history and economic impact!