iptables vs IPVS: What to Use for Kubernetes?

Kubernetes supports two main kube-proxy modes: iptables and ipvs. Which one should you use?

1. What is kube-proxy?

kube-proxy manages network rules on Kubernetes nodes, allowing communication between services and pods. It can operate in different modes: iptables, ipvs, and userspace (deprecated).

2. iptables Mode

- Default and widely supported
- Implements rules using iptables NAT chains

Pros:
- Simpler
- No extra kernel modules required
- Easier to debug

Cons:
- Performance degrades with many services
- Sequential rule processing

3. IPVS Mode

- Based on Linux IP Virtual Server (part of LVS)
- Uses a hash table for rules → faster performance

Pros:
- Better performance for large-scale clusters
- Supports connection-level load balancing algorithms (round-robin, least connections, etc.)

Cons:
- Requires ip_vs kernel modules
- Slightly more complex setup

4. Switching to IPVS

Check kernel support: ...

September 1, 2025 · 2 min · 222 words · DevOps Insights

Understanding ndots in Kubernetes DNS Resolution

The ndots option in DNS configuration plays a subtle but important role in how domain names are resolved inside Kubernetes pods. Incorrectly configured ndots can lead to unnecessary DNS queries, delays, or failed resolutions.

What is ndots?

ndots is a setting in /etc/resolv.conf that determines whether a DNS query is treated as a fully qualified domain name (FQDN) or a partial name requiring search path resolution. ...

August 25, 2025 · 2 min · 295 words · John Cena

Gateway API vs Ingress: What's the Difference?

Gateway API vs Ingress in Kubernetes

Kubernetes networking can be tricky, especially when you’re trying to expose your services to the outside world. Two common ways to do this are Ingress and the newer Gateway API. Let’s look at what they are, how they differ, and when to use one over the other.

What is Ingress?

Ingress is a Kubernetes resource that defines how to route HTTP and HTTPS traffic to your services. It requires an Ingress Controller to actually implement the logic, such as NGINX or Traefik. ...

August 5, 2025 · 2 min · 306 words · John Cena

How to Add a Custom DNS Zone in CoreDNS (Kubernetes)

Why Add a Custom DNS Zone?

Adding a custom DNS zone in CoreDNS can be useful for:

- Internal testing (e.g., *.local or *.internal)
- Service discovery for non-Kubernetes services
- Custom mappings and overrides

Step-by-Step Guide

1. Edit the CoreDNS ConfigMap

    kubectl -n kube-system edit configmap coredns

Add a new zone block like this:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: coredns
      namespace: kube-system
    data:
      Corefile: |
        .:53 {
            errors
            health
            kubernetes cluster.local in-addr.arpa ip6.arpa {
                pods insecure
                fallthrough in-addr.arpa ip6.arpa
            }
            forward . /etc/resolv.conf
            cache 30
            loop
            reload
            loadbalance
        }
        internal.test:53 {
            hosts {
                10.10.10.10 service1.internal.test
                10.10.10.11 service2.internal.test
                fallthrough
            }
        }

2. Restart CoreDNS

    kubectl -n kube-system rollout restart deployment coredns

3. Test the Zone

From any pod: ...

July 19, 2025 · 1 min · 199 words · John Cena

How to Add a Custom DNS Zone in NodeLocal DNSCache

Why Use Custom DNS Zones in NodeLocal DNSCache?

NodeLocal DNSCache speeds up DNS resolution in Kubernetes by running a local CoreDNS instance on each node. Adding custom zones allows:

- Fast resolution of static or internal domains
- DNS overrides without relying on upstream resolvers
- Separation of internal and external DNS logic

Step-by-Step Guide

1. Get the NodeLocal DNS ConfigMap

    kubectl -n kube-system get configmap node-local-dns -o yaml > node-local-dns.yaml

2. Add Custom Zones

Inside the Corefile section, add your custom zone using the hosts plugin: ...

July 19, 2025 · 2 min · 222 words · John Cena