What is a Headless Service in Kubernetes?

In Kubernetes, a Service is typically used to provide a stable IP address and DNS name for a set of Pods. By default, Kubernetes assigns a ClusterIP to the Service, and traffic is load balanced between available Pods. But sometimes you don’t want load balancing — you want direct DNS records for each Pod. That’s where a Headless Service comes in.

How It Works

A Headless Service is created by setting: ...

September 27, 2025 · 2 min · 220 words · John Cena

Changing Node IPs in Kubernetes: Why It's a Bad Idea and What to Do Instead

Changing the IP addresses of Kubernetes nodes is rarely a good idea — it can lead to broken networking, node unavailability, or even complete cluster failure. This article explains why you should avoid it, and provides a step-by-step recovery plan if you must do it.

1. Why Node IPs Matter

Kubernetes heavily relies on the IP addresses of nodes for:

- Scheduling and node identity
- kubelet and API server communication
- CNI and network overlays
- DNS and service discovery
- TLS certificates tied to node IPs

Changing an IP breaks all these associations — kubelet may fail to register, Pods may not communicate, and the control plane may mark the node as NotReady. ...

September 15, 2025 · 2 min · 347 words · DevOps Insights

Basic iptables Commands Every DevOps Engineer Should Know

iptables is a powerful command-line utility for configuring the Linux kernel firewall. It is widely used for managing network traffic and securing Linux-based systems.

Why Use iptables?

- Block unwanted traffic
- Allow specific ports
- Forward or redirect traffic
- Protect services from unauthorized access

Basic iptables Syntax

    iptables -[A|D|I|R|L] [CHAIN] [OPTIONS]

- -A: Append a rule
- -D: Delete a rule
- -I: Insert a rule
- -R: Replace a rule
- -L: List rules

Common Chains

- INPUT: Packets destined to the host
- OUTPUT: Packets sent from the host
- FORWARD: Packets routed through the host

Examples

List All Rules

    iptables -L -v -n

Allow Incoming SSH (Port 22)

    iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Drop All Incoming Traffic By Default

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

Allow Loopback and Established Connections

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Delete a Rule

    iptables -D INPUT -p tcp --dport 22 -j ACCEPT

Saving and Restoring Rules

Save Rules

    iptables-save > /etc/iptables/rules.v4

Restore Rules

    iptables-restore < /etc/iptables/rules.v4

Conclusion

Understanding iptables helps you take full control over traffic flow in and out of your Linux systems. These basic commands will help you secure your infrastructure and troubleshoot network issues. ...

September 2, 2025 · 2 min · 214 words · John Cena

iptables vs IPVS: What to Use for Kubernetes?

Kubernetes supports two main kube-proxy modes: iptables and ipvs. Which one should you use?

1. What is kube-proxy?

kube-proxy manages network rules on Kubernetes nodes, allowing communication between services and pods. It can operate in different modes: iptables, ipvs, and userspace (deprecated).

2. iptables Mode

- Default and widely supported
- Implements rules using iptables NAT chains

Pros:

- Simpler
- No extra kernel modules required
- Easier to debug

Cons:

- Performance degrades with many services
- Sequential rule processing

3. IPVS Mode

- Based on Linux IP Virtual Server (part of LVS)
- Uses a hash table for rules → faster performance

Pros:

- Better performance for large-scale clusters
- Supports connection-level load balancing algorithms (round-robin, least connections, etc.)

Cons:

- Requires ip_vs kernel modules
- Slightly more complex setup

4. Switching to IPVS

Check kernel support: ...

September 1, 2025 · 2 min · 222 words · DevOps Insights

Understanding ndots in Kubernetes DNS Resolution

The ndots option in DNS configuration plays a subtle but important role in how domain names are resolved inside Kubernetes pods. Incorrectly configured ndots can lead to unnecessary DNS queries, delays, or failed resolutions.

What is ndots?

ndots is a setting in /etc/resolv.conf that determines whether a DNS query is treated as a fully qualified domain name (FQDN) or a partial name requiring search path resolution. ...

August 25, 2025 · 2 min · 295 words · John Cena