(via Life of a Packet)

In this talk, Michael Rubin goes through the main concepts in the Kuberentes network stack, things like traffic between pods, services and network policies.

Besides the basic introduction to how CNI works, one of the key ideas is that entities like Services and Cluster IPs are really abstractions that do not correspond to real things in the cluster, but some Kubernetes sub-systems like the kube-proxy create the illusion of these things being real. The kube-propxy is responsible for creating the right iptables (or IPVS) rules for sending packets to one of the endpoints in the cluster that serves this service.