awesome-kubernetes/docs/kubernetes-networking.md

Kubernetes Networking

1. Introduction
2. Kubernetes DNS
3. Kubernetes Services and Load Balancing
4. TCP Keep Alive Requests
5. Headless Kubernetes Service
6. NetworkPolicy
7. Nginx Ingress Controller
8. Contour Ingress Controller
9. Kubernetes Gateway API
10. Kube-proxy
11. Multicloud communication for Kubernetes
12. Multi-Cluster Kubernetes Networking
13. Kubernetes Network Policy
    1. Cilium
    2. Kubernetes Network Policy Samples
14. Kubernetes Ingress Specification
15. Xposer Kubernetes Controller To Manage Ingresses
16. Software-Defined IP Address Management (IPAM)
17. CNI Container Networking Interface
    1. List of existing CNI Plugins (IPAM)
    2. Project Calico
18. DNS Service with CoreDNS
19. Kubernetes Node Local DNS Cache
20. k8gb
21. VPC Lattice
22. Images
23. Videos
24. Tweets

Introduction

• kubernetes.io: The Kubernetes network model. How to implement the Kubernetes networking model
• ovh.com - getting external traffic into kubernetes: clusterip, nodeport, loadbalancer and ingress
• ==learnk8s.io: Load balancing and scaling long-lived connections in Kubernetes== 🌟🌟🌟 Kubernetes doesn't load balance long-lived connections, and some Pods might receive more requests than others. If you're using HTTP/2, gRPC, etc. or any other long-lived connection, you might want to consider client-side load balancing
• stackrox.com: Kubernetes Networking Demystified: A Brief Guide
• medium.com: Fighting Service Latency in Microservices With Kubernetes
• medium.com: Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what? 🌟
• blog.alexellis.io: Get a LoadBalancer for your private Kubernetes cluster
• dustinspecker.com: How Do Kubernetes and Docker Create IP Addresses?!
• youtube: Kubernetes Ingress Explained Completely For Beginners
• AWS and Kubernetes Networking Options and Trade-Offs (part 1)
• AWS and Kubernetes Networking Options and Trade-Offs (part 2)
• medium: Service Types in Kubernetes? 🌟 A Service enables network access to a set of Pods in Kubernetes.
• containo.us: Kubernetes Ingress & Service API Demystified
• speakerdeck.com: Kubernetes and networks. Why is this so dan hard? 🌟
• eevans.co: Deconstructing Kubernetes Networking
• externalTrafficPolicy=local on kubernetes. How to preserve the source IP in kubernetes externalTrafficPolicy=local is an annotation on the Kubernetes service resource that can be set to preserve the client source IP. When it is set, the actual IP address of a client is propagated to the K8s service instead of the IP address of the node.
• ronaknathani.com: How a Kubernetes Pod Gets an IP Address 🌟
• opensource.com: Why I use Ingress Controllers to expose Kubernetes services Kubernetes ingress controllers will make or break your cloud architecture.
• blog.nody.cc: Verify your Kubernetes Cluster Network Policies: From Faith to Proof
• medium: How to setup Hetzner load balancer on a Kubernetes cluster
• zhimin-wen.medium.com: Sticky Sessions in Kubernetes 🌟
• infoq.com: Kubernetes Ingress Is Now Generally Available
• Learnk8s: Comparison of Kubernetes Ingress Controllers 🌟🌟 How do you choose the right Kubernetes Ingress controller when: Not all Ingress controllers support UDP, Only Kong has a free LDAP integration, Nginx Ingress and HAProxy are the only two ingress without CRDs.
• blog.alexellis.io: Get kubectl access to your private cluster from anywhere
• jmrobles.medium.com: How to setup Hetzner load balancer on a Kubernetes cluster
• kubernetes.io: Scaling Kubernetes Networking With EndpointSlices EndpointSlices are a new Kubernetes API that provides a scalable and extensible alternative to the Endpoints API.
• medium: Create a Custom Annotation for the Kubernetes ingress-nginx Controller
• haproxy.com: Announcing HAProxy Kubernetes Ingress Controller 1.5 🌟
• devclass.com: HAProxy Ingress Controller 1.5 introduces mTLS support, gives load balancing experts more power
• thenewstack.io: HAProxy Kubernetes Ingress Controller Moves Outside the Cluster
• suse.com: NGINX Guest Blog: NGINX Kubernetes Ingress Controller 🌟
• blog.cloudflare.com: Moving k8s communication to gRPC
• K8GB - Kubernetes Global Balancer - openshift.com: K8GB - Kubernetes Global Balancer
• altoros.com: Kubernetes Networking: How to Write Your Own CNI Plug-in with Bash
• Network Node Manager network-node-manager is a kubernetes controller that controls the network configuration of a node to resolve network issues of kubernetes. By simply deploying and configuring network-node-manager, you can solve kubernetes network issues that cannot be resolved by kubernetes or resolved by the higher kubernetes Version. Below is a list of kubernetes's issues to be resolved by network-node-manager. network-node-manager is based on kubebuilder v2.3.1.
• getenroute.io: Drive API Security At Kubernetes Ingress Using Helm And Envoy 🌟
• ithands-on.com: Kubernetes 101 : External services - ExternalName, DNS and Endpoints
• ibm.com: Multizone Kubernetes and VPC Load Balancer Setup Securely expose your Kubernetes app by setting up a Load Balancer for VPC in a different zone.
• opensource.googleblog.com: Kubernetes: Efficient Multi-Zone Networking with Topology Aware Routing
• nbailey.ca: Domesticated Kubernetes Networking
• sookocheff.com: A Guide to the Kubernetes Networking Model 🌟
• build.thebeat.co: A curious case of AWS NLB timeouts in Kubernetes A debugging adventure that allowed us to solve the tail latencies our Kubernetes applications were experiencing when talking with our AWS NLB.
• ingressbuilder.jetstack.io 🌟🌟 Ingress Builder allows users to select any annotation from the list of available controllers, to add to the ingress manifest.
• itnext.io: Generating Kubernetes Network Policies Automatically By Sniffing Network Traffic 🌟 This blog post is about an experiment to automate creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster - code
• medium: Using nginx-ingress controller to restrict access by IP (ip whitelisting) for a service deployed to a Kubernetes (AKS) cluster
• openshift.com: gRPC or HTTP/2 Ingress Connectivity in OpenShift 🌟
• inlets.dev: Fixing Ingress for short-lived local Kubernetes clusters
• nginx.com: How to Simplify Kubernetes Ingress and Egress Traffic Management
• blog.teamhephy.info: Running Workflow Without Any LoadBalancer
• blog.alexellis.io: Get a public LoadBalancer for your private Kubernetes cluster 🌟
• searchitoperations.techtarget.com: Differences between Kubernetes Ingress vs. load balancer To manage Kubernetes cluster traffic, admins have a few choices. Compare Kubernetes Ingress vs. load balancers, as well as the NodePort and ClusterIP service types.
• monzo.com: Controlling outbound traffic from Kubernetes
• medium: Access Application Externally In Kubernetes Cluster using Load Balancer Service Learn how to create a Pod and how to create a Load Balancer service using Kubernetes cluster. And access the application from outside.
• itnext.io: Why and How of Kubernetes Ingress (and Networking) 🌟
• techdozo.dev: gRPC load balancing on Kubernetes (using Headless Service)
• thenewstack.io: ZeroLB, a New Decentralized Pattern for Load Balancing
• ungleich.ch: Making kubernetes kube-dns publicly reachable
• ungleich.ch: Building Ingress-less Kubernetes Clusters Building Ingress-less Kubernetes Clusters with IPv6
• thenewstack.io: Ingress Controllers: The More the Merrier
• levelup.gitconnected.com: Setting up Application Load Balancer (Ingress) for the Pods running in AWS EKS Fargate
• devopscube.com: Kubernetes Ingress Tutorial For Beginners 🌟 In this Kubernetes ingress tutorial, you will learn the basic concepts of ingress, the native ingress resource object, and the concepts involved in ingress controllers
• ystatit.medium.com: How to Change Kubernetes Kube-apiserver IP Address
• monzo.com: Controlling outbound traffic from Kubernetes
• nginx.com: Reducing Kubernetes Costs by 70% in the Cloud with NGINX, Opsani, and Prometheus
• ithands-on.com: Kubernetes 101 : Changing a service type If we realize that our service, a ClusterIP doesn't suit our needs anymore, we could change its type to a nodePort service for example.
• cloud.redhat.com: Global Load Balancer Approaches 🌟
• ==loft.sh: Kubernetes NGINX Ingress: 10 Useful Configuration Options== 🌟 Kubernetes Ingress is the object that provides routing rules into your cluster. To best serve traffic to your app, you need to correctly configure it. This is an incredible article from loft.sh with 10 useful options for configuring NginX Ingress
• ==technos.medium.com: Kubernetes Services for Absolute Beginners — NodePort== 🌟
• fransemalila.medium.com: Kubernetes Networking To access the application over the network, K8s services must be used to expose the pods to external traffic and load balancing the traffic across multiple pods.
  • Cluster IP
  • Target Ports
  • Node Port
  • External IPs
  • Load Balancer
• ==thenewstack.io: Ingress Controllers: The Swiss Army Knife of Kubernetes==
• ==nginx.com: Kubernetes Networking 101==
• medium.com/the-programmer: Working With ClusterIP Service Type In Kubernetes Working with services in Kubernetes Using ClusterIP
• olamiko.medium.com: Technical Series: Kubernetes Networking
• ==learnk8s.io: Tracing the path of network traffic in Kubernetes== 🌟
• ==devopslearners.com: Kubernetes Ingress Tutorial For Beginners== - https://devopscube.com/kubernetes-ingress-tutorial
• devopscube.com: How To Configure Ingress TLS/SSL Certificates in Kubernetes
• armosec.io: Getting Started with Kubernetes Ingress | Ben Hirschberg
• ==itnext.io: Kubernetes Service Type LB for On Prem Deployments==
• ==medium.com/techbeatly: Kubernetes Networking Fundamentals==
• rajivsharma-2205.medium.com: Demystify how traffic reaches directly to pod on using alb.ingress.kubernetes.io/target-type: ip
• medium.com/linux-shots: Kubernetes ingress as reverse proxy to Application running outside cluster This article demonstrates how to serve an application running outside Kubernetes as if it were part of the cluster by configuring the Ingress controller and using the ExternalName Service.
• medium.com/@zhaoyi0113: Kubernetes — How does service network work in the cluster
• ==medium.com/@pavanbelagatti: Kubernetes Service Types Explained== 🌟
• ==tkng.io: The Kubernetes Networking Guide== 🌟🌟 The purpose of The Kubernetes networking guide is to provide an overview of various Kubernetes networking components with a specific focus on exactly how they implement the required functionality
  • ==tkng.io/arch: THE KUBERNETES NETWORK MODEL== 🌟🌟
• medium.com/stakater: Efficiently Expose Services on Kubernetes (part 1) 🌟
  • medium.com/stakater: Efficiently Expose Services on Kubernetes (part 2)
• ==platform9.com: Ultimate Guide to Kubernetes Ingress Controllers== 🌟
• faun.pub: Kubernetes Service Types Tutorial | Pavan Belagatti 🌟 Configure ClusterIP, NodePort, LoadBalancer and Ingress
• medium.com/slalom-build: Managing Ingress Traffic on Kubernetes Platforms 🌟 Why you need an Ingress and how to pick the right one
• craig-godden-payne.medium.com: How does ingress work in Kubernetes? And how to set up ingress in minikube
• dustinspecker.com: Kubernetes Networking from Scratch: Using BGP and BIRD to Advertise Pod Routes In this article, you will learn how Calico sets up pod routes between Kubernetes nodes. In this post, you won't use containers or pods. You'll learn by creating network namespaces and virtual ethernet devices manually.
• ==home.robusta.dev: The ultimate guide to Kubernetes Services, LoadBalancers, and Ingress== 🌟🌟🌟
• sanjimoh.medium.com: Demystifying Kubernetes Networking — Episode 1 In this series of articles you will learn about Kubernetes networking:
  • Linux namespaces and Networking namespace
  • Intra pod networking & pause container
  • Kubernetes networking model
• ==dev.to: Tune up your Kubernetes Application Performance with a small DNS Configuration==
• medium.com/@mehmetodabashi: Kubernetes networking and service object: Understanding ClusterIp and nodePort with hands on study
• medium.com/@jasonmfehr: Inspecting Kubernetes Client to API Server Network Traffic
• medium.com/geekculture: K8s Network — CNI Introduction Introduction to K8s container network interface
• ==medium.com/patilswapnilv: Getting Started with Kubernetes Networking== 🌟 In this article, you will examine Kubernetes networking with the help of 10 detailed diagrams
• ==faun.pub: Kubernetes Ingress with Nginx== How to install and secure Nginx Ingress
• medium.com/codex: Access Application Externally In Kubernetes Cluster using Load Balancer Service Learn how to create a Pod and how to create a Load Balancer service using Kubernetes cluster. And access the application from outside.
• itnext.io: Inspecting and Understanding k8s Service Network 🌟
• ovidiuborlean.medium.com: Networking latency measurement in Kubernetes with Sockperf plugin
• itnext.io: Kubernetes networking deep dive: Did you make the right choice? Kubernetes networking design can be intimidating, especially when you are the one to make decisions for cluster-level network choices. In this session, we will discuss how these choices will affect cluster routing and load balancing, focusing on KubeProxy modes(iptables vs IPVS) and network solutions.
• medium.com/@muhidabid.cs: Why does Kubernetes need Ingress? - muhidabid.hashnode.dev: Why does Kubernetes need Ingress?
• blog.devgenius.io: K8s — ipvs Mode Introduction
• ==edureka.co: Kubernetes Networking – A Comprehensive Guide To The Networking Concepts In Kubernetes==
• whyk8s.substack.com: Why not DNS? Why is KubeProxy necessary? Couldn't simple DNS records do the job? You do a DNS lookup on my-service in Kubernetes. You do NOT get back IPs for pods that provide that Service. Have you ever wondered why?
• medium.com/geekculture: Kubernetes Gateway API: The Intro You Need To Read In this article, you'll learn how to deploy k3s to a Raspberry Pi cluster with ClusterHat and ClusterCTRL
• ==ksingh7.medium.com: Kubernetes Endpoint Object: Your Bridge to External Services== 🌟🌟 Chances are that you might want to access services external to the cluster, such as a database. In this article, you will learn how to create an endpoint manually to make an external database available to the Pods in the cluster.
• medium.com/@ahmet16ck: What Is Load Balancer and How Does It Work In Kubernetes ? 🌟
• api7.ai: How Does APISIX Ingress Support Thousands of Pod Replicas? In this article, you'll explore the challenges of deploying large numbers of Pods in your Kubernetes cluster. You'll also compare Endpoints and EndpointSlice and discuss how to enable EndpointSlice when installing APISIX Ingress.
• medium.com/illuminations-mirror: Basic | Networking and Communication Between Pods in Kubernetes
• blog.devops.dev: Networking in Kubernetes In this blog post, we’re going to delve into the world of Kubernetes networking and explore the many components that make it such a powerful and reliable platform for modern containerized applications. lets discover the essential networking components that make Kubernetes the go-to choice for cloud-native deployments!
• medium.com/@mustafaaltunok: How Ingress, Service, Deployment and Pod Link to each other In Kubernetes domain, deployment of an app consists of mainly three components. From outer to inner.
• inlets.dev: How to Get Ingress for Private Kubernetes Clusters By design, local Kubernetes clusters are inaccessible from the internet. So how can we fix that if we want to use Ingress? What are the options for getting a public IP or LoadBalancer for local Kubernetes clusters? I cover use-cases and compare port-forwarding, Ngrok, Wireguard and inletsdev
• blog.devops.dev: Demystifying Kubernetes:Understanding Ingress, Configuration, and Best Practices A comprehensive overview of Kubernetes, the basics of ingress and how to configure it to expose services within K8s cluster.
• ==dev.to/narasimha1997: Communication between Microservices in a Kubernetes cluster== 🌟 This article discusses the various ways in which microservices in Kubernetes can communicate with each other. It provides an example of two pods, one acting as an HTTP web server and the other as a curl client that makes a request to the web server.
• ==medium.com/google-cloud: Kubernetes Ingress Vs Gateway API== 🌟 Understanding the Differences between Kubernetes Ingress and Gateway API for Effective Traffic Management
• medium.com/nerd-for-tech: Kubernetes: Deploying NGINX with a ConfigMap | Chanel Jemmott
• medium.com/@sangjinn: How to communicate with Kubernetes workloads — Part I. Service | Brandon Kang
  • medium.com/@sangjinn: How to communicate with Kubernetes workloads — Part II. Ingress | Brandon Kang
• ==shahneil.medium.com: What Are Kubernetes Endpoints?==
• ==fr4nk.xyz: Understanding Ingress in Kubernetes: A Comprehensive Guide== Kubernetes Ingress plays a crucial role in managing external access to services within a cluster.
• thenewstack.io: Otterize: Intent-Based Access Control for Kubernetes and Cloud Otterize offers intent-based access control and secure connectivity management within clusters and across the cloud.
• blog.palark.com: Comparing Ingress controllers for Kubernetes
• ==community.ops.io: Kubernetes Ingress Controller. How does it work?=== Learning how an ingress controller works by building one in bash.
• medium.com/@rasikzilte711: Kubernetes Networking — A Guide to Services, Ingress, Network Policies, DNS, and CNI Plugins
• sysdig.com: Kubernetes Services: ClusterIP, Nodeport and LoadBalancer Your Kubernetes Pods have internal IPs, but can since Pods are created and destroyed, can you rely on those? Discover services and their types: ClusterIP, NodePort and LoadBalancer
• medium.com/codex: Capture tcpdump with ksniff and wireshark from Kubernetes In Kubernetes, there are many ways to deploy and run apps, such as pods, services, and more. Tcpdump can be used to capture network traffic between these components, helping to identify network issues and diagnose problems.
• cloudtechtwitter.com: Reverse Proxy vs. Forward Proxy: The Differences
• matthewpalmer.net: Kubernetes Networking Guide for Beginners
• itnext.io: Deciphering the Kubernetes Networking Maze: Navigating Load-Balance, BGP, IPVS and Beyond
• adil.medium.com: Network Traffic Shaping in Kubernetes: Topology Aware Routing
  • One challenge in cloud-distributed systems is keeping network traffic within the same availability zone
  • Kubernetes introduced Topology Aware Routing to address this issue
  • This ensures requests between apps remain in the same zone
• otterize.com: Mastering Kubernetes networking: A journey in cloud-native packet management Master Kubernetes networking with a comprehensive packet walk, and learn how Otterize helps build adaptive Network Policies.

Kubernetes DNS

Kubernetes Services and Load Balancing

• Application Gateway for Containers with AKS Overlay Networking and VNet Flow Logs 🌟 - This post delves into the integration of Azure Application Gateway for Containers (AGC) with Azure Kubernetes Service (AKS) when using the overlay network option. It explores how AGC interacts with pods using non-routable IP addresses and examines the feasibility of using VNet Flow Logs to monitor traffic between AGC and AKS.

• Introduction to Azure Application Gateway for Containers (AGC) - (Related to azure topic)

• Kubernetes Services and Load Balancing Explained 🌟 - An in-depth exploration of Kubernetes networking, focusing on Services, kube-proxy, and load balancing mechanisms. The article details how pods communicate within a cluster, the role of Services in directing traffic, and managing external access. It covers ClusterIP, NodePort, and LoadBalancer service types, their implementation via iptables, and advanced topics like preserving source IPs, handling terminating endpoints, and integrating with cloud load balancers. The content is illustrated with a practical example of deploying a two-tier application.

• blog.cloudsigma.com: Kubernetes DNS Service: A Beginner’s Guide Kubernetes DNS service allows you to contact services with consistent DNS names instead of IP addresses.

TCP Keep Alive Requests

• kuderko.medium.com: Fixing bad CPU usage distribution in Kubernetes 🌟 In this article, you will learn how TCP keep-alive requests could hurt horizontal scaling for your pods. You will also discuss the workarounds you can apply to your apps or web servers.

Headless Kubernetes Service

• medium.com: Headless Kubernetes Service A headless service in Kubernetes can be a useful tool for creating distributed applications. It allows you to directly access the individual pods in a service. This is useful in scenarios where you need to perform complex load-balancing. A headless service does not have a cluster IP assigned to it. Instead of providing a single virtual IP address for the service, a headless service creates a DNS record for each pod associated with the service. These DNS records can then be used to directly address each pod. Here’s a high-level overview of how a headless service works:
  • A headless service is created in Kubernetes
  • Pods are associated with the service through labels
  • DNS records are created for each pod associated with the service
  • Clients can use the DNS records to directly access each pod
• goglides.dev: Headless services in Kubernetes Vs Regular Service: What, Why, and How?

NetworkPolicy

• opensource.com: What you need to know about Kubernetes NetworkPolicy Understanding Kubernetes NetworkPolicy is one of the fundamental requirements to learn before deploying an application to Kubernetes.
• itnext.io: CKAD Scenarios about Ingress and NetworkPolicy In-Browser CKAD Scenarios about Ingress and NetworkPolicies.
  • ==editor.cilium.io== 🌟🌟🌟 For learning, you can use the amazing NetworkPolicy Editor at cilium.
• whyk8s.substack.com: Why NetworkPolicies? Is Kubernetes networking insecure by default? Why was it built that way?
• yuminlee2.medium.com: Kubernetes Network Policies
• ==bagas-awibowo.medium.com: Helm — Templating Network Policy using Helm==

Nginx Ingress Controller

• InGate: Ingress & Gateway API Controller (Archived) - InGate was an Ingress and Gateway API controller for Kubernetes, developed by the kubernetes-sigs organization. It aimed to provide advanced traffic management capabilities for Kubernetes clusters. The project has been archived and is recommended for migration to the Gateway API.

• Transitioning from ingress-nginx to Traefik in Kubernetes 🌟 - This article discusses the challenges and strategies for migrating Kubernetes ingress traffic from ingress-nginx to Traefik, especially in light of ingress-nginx entering maintenance mode. It highlights Traefik's modern approach and features as a viable alternative for managing cloud-native API gateways.

• blog.teamhephy.info: Learn how to use the Nginx Ingress controller to serve traffic over SSH with TCP load balancing

• nginx.com: A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options

• NGINX Ingress Controller - v1.0.0 NGINX Ingress Controller v1.0.0 released today! The biggest change is the support to stable/v1 ingress object, and dropping support to v1beta1.

• amy-ma.medium.com: Nginx Ingress Configuration Configure NGINX basic routing with TLS on HPCC. This tutorial provides steps on how to set up basic routing for ECLWatch with the NGINX Ingress controller and configure certificates using Cert-Manager.

• devopscube.com: How to Setup Nginx Ingress Controller On Kubernetes – Detailed Guide 🌟

• medium.com/@jonathan_37674: How to secure Kubernetes ingress? | By ARMO

• nginx.com: Automating Multi-Cluster DNS with NGINX Ingress Controller

• ==engineering.backmarket.com: How we improved third-party availability and latency with Nginx in Kubernetes== 🌟 Introducing a gateway to cache your third-party API can significantly improve its performance and stability. In this case study, you will discover how the team at Back Market configured NGINX in Kubernetes to improve third-party API availability and latency.

• towardsdev.com: Kubernetes: Deploying Nginx Servers with ConfigMaps & Shared Services with Minikube

• faun.pub: How to Monitor and Alert on Ingress-NGINX in Kubernetes

• sumanprasad.hashnode.dev: A Beginner's Guide to Ingress and Ingress Controllers in Kubernetes

• akyriako.medium.com: Configure path-based routing with Nginx Ingress Controller

• ==mattias.engineer: Kubernetes-101: Ingress== 🌟 The article provides an in-depth guide on the Ingress resource. It explains that Ingress offers more functionalities than a Service, enabling multiple routing rules for different Services. It also touches upon HTTPS traffic with TLS certificates.

Contour Ingress Controller

• trstringer.com: Kubernetes Ingress with Contour

Kubernetes Gateway API

• Kubernetes Gateway API 🌟 - The Kubernetes Gateway API is a collection of APIs that model service networking in Kubernetes. It aims to provide a more expressive, role-oriented, and extensible successor to the Kubernetes Ingress API, enabling advanced traffic management, routing, and load balancing capabilities.

• ==gateway-api.sigs.k8s.io== 🌟 Gateway API is an open source project managed by the SIG-NETWORK community. It's is a collection of resources that model service networking in Kubernetes. These resources - GatewayClass,Gateway, HTTPRoute, TCPRoute, Service, etc - aim to evolve Kubernetes service networking through expressive, extensible, and role-oriented interfaces that are implemented by many vendors and have broad industry support.

• kubernetes.io: Evolving Kubernetes networking with the Gateway API

• thenewstack.io: Unifying Kubernetes Service Networking (Again) with the Gateway API 🌟 The Gateway API, formerly known as the Services API and before that Ingress V2, was first discussed in detail — and in-person — at Kubecon 2019 in San Diego. There were already many well-known and well-documented limitations of Ingress and Kubernetes networking APIs. The Gateway API was intended as a redo of these APIs, built on the lessons from Services, Ingress and the service mesh community.

• blog.flomesh.io: Kubernetes Gateway API — Evolution of Service Networking

• ==armosec.io: The New Kubernetes Gateway API and Its Use Cases==

• medium.com/google-cloud: Security with Kubernetes Gateway API 🌟

• navendu.me: Comparing Kubernetes Gateway and Ingress APIs In this article, you will explore the new Kubernetes Gateway API and compare it with the existing Kubernetes Ingress API for handling external traffic

Kube-proxy

• NFTables mode for kube-proxy in Kubernetes 🌟 - This article introduces the new nftables mode for kube-proxy, an alpha feature in Kubernetes 1.29 that is currently in beta and expected to reach General Availability (GA) in version 1.33. The new mode addresses long-standing performance issues associated with the iptables mode, particularly for large Kubernetes clusters with numerous Services. It leverages the capabilities of nftables to improve data plane latency by providing a more scalable and efficient way to handle Service proxying compared to the traditional iptables approach. The article encourages users with recent kernels to try out this new mode.

• dustinspecker.com: iptables: How Kubernetes Services Direct Traffic to Pods In this article you will learn how Kubernetes's kube-proxy uses iptables to direct traffic to pods randomly. You'll focus on the ClusterIP type of Kubernetes services.

• arthurchiao.art: Cracking kubernetes node proxy (aka kube-proxy) This post analyzes the Kubernetes node proxy model, and provides 5 demo implementations (within couples of lines of code) of the model, each based on different tech-stacks (userspace/iptables/ipvs/tc-ebpf/sock-ebpf).

Multicloud communication for Kubernetes

• Introducing Subnet Peering in Azure - (Related to azure topic)

• Private Link Reality Bites: Service Endpoints vs Private Link - This blog post explores the differences and commonalities between Azure VNet Service Endpoints and Azure Private Link, addressing common confusion among organizations, especially those who adopted service endpoints before Private Link's release. It provides context by tracing the evolution from public IP access to the introduction of service endpoints and then Private Link for Azure services.

• developers.redhat.com: Use Skupper to connect multiple Kubernetes clusters 🌟 - skupper.io Multicloud communication for Kubernetes. Skupper is a layer 7 service interconnect. It enables secure communication across Kubernetes clusters with no VPNs or special firewall rules. With Skupper, your application can span multiple cloud providers, data centers, and regions.

Multi-Cluster Kubernetes Networking

• itnext.io: Multi-Cluster Kubernetes Networking with Netmaker
  • NetMaker Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Kubernetes Network Policy

• howtoforge.com: Network Policy in Kubernetes 🌟 By default, pods accept traffic from any source. A network policy helps to specify how a group of pods can communicate with each other and other network endpoints.
• medium: How to Provision Network Policies in Kubernetes | AWS 🌟
• learncloudnative.com: Kubernetes Network Policy
• bionconsulting.com: Kubernetes Network Policies
  • bionconsulting.com: Kubernetes Network Policies - Part 2
• thenewstack.io: The Kubernetes Network Security Effect 🌟 Kubernetes has a built-in object for managing network security: NetworkPolicy. While it allows the user to define the relationship between pods with ingress and egress policies, it is basic and requires very precise IP mapping of a solution — which changes constantly, so most users I’ve talked to are not using it.
• faun.pub: Control traffic flow to and from Kubernetes pods with Network Policies
• openshift.com: Network Policies: Controlling Cross-Project Communication on OpenShift
• loft-sh.medium.com: Kubernetes Network Policies: A Practitioner’s Guide 🌟
• loft.sh: Kubernetes Network Policies: A Practitioner's Guide 🌟
• medium: Kubernetes Network Policies: Are They Really Useful? 🌟
• loft.sh: Kubernetes Network Policies for Isolating Namespaces 🌟
• arthurchiao.art: Cracking Kubernetes Network Policy This post digs into the Kubernetes NetworkPolicy model, then designs a policy enforcer based on the technical requirements and further implements it with less than 100 lines of eBPF code. Hope that after reading through this post, readers will get a deeper understanding on how network policies are enforced in the underlying.
• engineering.mercari.com: Managing Network Policies for namespaces isolation on a multi-tenant Kubernetes cluster This post outlines how to implement an abstraction over network policies in a multi-tenant Kubernetes cluster instead of directly exposing raw YAML-based manifests for better usability and verifiability
• blog.devgenius.io: Simplify Kubernetes Network Policy Generation
• blog.slycreator.com: Network Policies: Understanding Kubernetes Network Policies This article explores the fundamental concepts, syntax, semantics, and implementation considerations associated with Network Policies. It also delves into best practices and real-world examples to illustrate their practical application and benefits.

Cilium

• cilium.io 🌟 eBPF-based Networking, Observability, and Security
• cilium.io: NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies 🌟
• editor.cilium.io 🌟 Learn how to create Network Policies for Kubernetes using an interactive playground
• buoyant.io: Kubernetes network policies with Cilium and Linkerd
• itnext.io: Installing Cilium on Kubernetes in a fast and efficient way
• cilium.io: CNI Benchmark: Understanding Cilium Network Performance
• cockroachlabs.com: How to use Cluster Mesh for Multi-Region Kubernetes Pod Communication
  • Thanks to services provided by AWS, GCP, and Azure it’s become relatively easy to develop applications that span multiple regions. This is great because slow apps kill businesses. There is one common problem with these applications: they are not supported by multi-region database architecture.
  • CockroachDB is built to solve that problem and we’re doing it in production for many applications today. But that’s not what this blog is about. In this blog, I will provide a solution for the problem of getting Kubernetes pods to talk to each other in multi-region deployments.
• cilium.io: Cilium 1.10: WireGuard, BGP Support, Egress IP Gateway, New Cilium CLI, XDP Load Balancer, Alibaba Cloud Integration and more Traditional workloads have a fixed and unique IP that can be recognized by a firewall. Traffic coming from a containerized application will come from many different IPs. How can you fix that? Cilium allows users to specify an egress NAT policy
• medium.com/@charled.breteche: Kubernetes Security — Control pod to pod communications with Cilium network policies In this article, you'll explore Cilium network policies and how you can use them to control pod to pod communications on a 3 nodes and 3 masters cluster. You will also use Hubble to visualise the effect of the network policies in your cluster.
• solo.io: Exploring Cilium Layer 7 Capabilities Compared to Istio
• betterprogramming.pub: K8s: Network Policy Made Simple With Cilium Editor 🌟 An intuitive graphical tool to define complex network policies

<script async class="speakerdeck-embed" data-id="9251193501114da199d70b2a679c552f" data-ratio="1.77777777777778" src="//speakerdeck.com/assets/embed.js"></script>

Kubernetes Network Policy Samples

• ==ahmetb/kubernetes-network-policy-recipes== 🌟 Example recipes for Kubernetes Network Policies that you can just copy paste. This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup. If you ever wondered how to drop/restrict traffic to applications running on Kubernetes, this is for you

Kubernetes Ingress Specification

• Azure Front Door Integration with AKS Ingress for TLS and App Routing 🌟 - This blog post details how to integrate Azure Front Door (AFD) with Azure Kubernetes Service (AKS) Ingress controller to handle TLS termination and application routing. It provides a technical walkthrough for setting up a more robust and scalable ingress solution for Kubernetes applications hosted on AKS.

• Supporting the Evolving Ingress Specification in Kubernetes 1.18

• medium: Ingress service types in Kubernetes 🌟

• ==itnext.io: Autoscaling Ingress Controllers in Kubernetes (Daniele Polencic)==

Xposer Kubernetes Controller To Manage Ingresses

• Xposer 🌟 A Kubernetes controller to manage (create/update/delete) Kubernetes Ingresses based on the Service
  • Problem: We would like to watch for services running in our cluster; and create Ingresses and generate TLS certificates automatically (optional)
  • Solution: Xposer can watch for all the services running in our cluster; Creates, Updates, Deletes Ingresses and uses certmanager to generate TLS certificates automatically based on some annotations.

Software-Defined IP Address Management (IPAM)

• IP Address Management (IPAM)
• fusionlayer.com: Software-Defined IP Address Management (IPAM)
  • Cloud computing and service automation are changing the way in which applications and data are being delivered and consumed. The existing 30-year-old networking model is failing to keep up with the automated service architectures and the Internet of Things (IoT) based on end-to-end automation.
  • To facilitate the migration to cloud-era computing, service providers and data centers must add networking into the automated service workflows. This requires agility and elasticity that traditional networking products are not designed to provide. As IT environments of tomorrow involve a plethora of orchestrators and controllers spinning up services and applications inside shared networks, they all must be managed and provisioned by a unified solution authoritative for all network-related information.

CNI Container Networking Interface

• Kubernetes.io: Network Plugins
• rancher.com: Container Network Interface (CNI) Providers
• github.com/containernetworking 🌟
  • CNI
• dzone: How to Understand and Set Up Kubernetes Networking 🌟 Take a look at this tutorial that goes through and explains the inner workings of Kubernetes networking, including working with multiple networks.
• medium: Container Networking Interface aka CNI
• itnext.io: Benchmark results of Kubernetes network plugins (CNI) over 10Gbit/s network (Updated: August 2020)

List of existing CNI Plugins (IPAM)

• Kubernetes Networking
• Overlay Network plugins:
  • Flannel
  • Weave-net
• Routed Network Plugins:
  • AWS-VPC
  • kube-router
  • Calico
  • VMware-tanzu Antrea
• IPAM modules:
  • dhcp
  • host-local
• Multi CNI plugins:
  • Damn
  • Multus
  • CNI-Genie

Project Calico

• tigera.io
• Project Calico 🌟 Secure networking for the cloud native era
• medium: Calico for Kubernetes networking: the basics & examples
• thenewstack.io: Tigera's Calico Aims to Ease Connectivity Pain with Kubernetes
• projectcalico.org: Advertising Kubernetes Service IPs with Calico and BGP
• mhmxs.blogspot.com: Autoscaling Calico Route Reflector topology in Kubernetes
• tigera.io: Enforcing Network Security Policies with GitOps – Part 1 (Calico + ArgoCD) Network policy is a key element of Kubernetes security. Network policy is expressed as a YAML configuration and works very well with GitOps. By adopting GitOps, security teams benefit in the following ways:
  • Take your policies with you. Kubernetes cluster creation from code is fairly common. It is much easier and less error-prone to push your Git-based policies to a new cluster.
  • You can monitor policy changes using information from pull requests. This will also be easy to integrate with your existing systems, instead of writing integrations from scratch. If something goes wrong, you can simply roll back to an earlier commit.
  • You can lock down who can deploy security policies. If you lock it down to only a single Git user, that will be easy to control. Everybody else can push their policy changes into Git via pull request.
  • Your GitOps tool can ensure that it will override any accidental or malicious change at runtime. This solves a major compliance concern. Git becomes the source of truth for your security policies.
  • It would be much easier to manage if no user could create a security policy from kubectl. Then you can enable de-centralized security by creating specific users for different services, and giving them rights to deploy only specific policies. Developers and DevOps teams are very comfortable with the notion of a Git pipeline.
• blog.devgenius.io: K8s Networking — Calico (Part1) Introduction to Calico.
• medium.com/@arbnair97: Introduction to Kubernetes Network Policy and Calico Based Network Policy Kubernetes Network Policies are designed to control the network's traffic flow in and out of the cluster. This article will teach you how to use Network Policies with the Calico CNI.

DNS Service with CoreDNS

• medium: How to Autoscale the DNS Service in a Kubernetes Cluster
• thenewstack.io: Supercharge CoreDNS with Cluster Addons 🌟
• sysdig.com: How to monitor coreDNS 🌟 The most common problems and outages in a Kubernetes cluster come from coreDNS, so learning how to monitor coreDNS is crucial.
• ungleich.ch: Making kubernetes kube-dns/CoreDNS publicly reachable
• iamitcohen.medium.com: DNS in Kubernetes, how does it work?
• nslookup.io: The life of a DNS query in Kubernetes In Kubernetes, DNS queries follow a specific path to resolve the IP address of a hostname. In this blog post, you will learn the life of a DNS query in Kubernetes step-by-step.
• levelup.gitconnected.com: Kubernetes with CoreDNS

Kubernetes Node Local DNS Cache

• NodeLocal DNSCache
• Kubernetes Node Local DNS Cache

k8gb

• k8gb.io A cloud native Kubernetes Global Balancer
• blog.abaganon.com: Why you probably won’t use K8gb.io This article covers the 2 kinds of Global Server Load Balancers and goes into some hands-on specifics of K8gb — the first open-source DNS-based Global Server Load balancer for Kubernetes.

VPC Lattice

• dev.to/aws-builders: Amazon VPC Lattice — Build Applications, Not Networks An exciting new service that simplifies the networking layer for developers and cloud administrators.

Images

??? note "Click to expand!"

<center>

[![k8s service types img](images/k8s_service_types_matrix.png)](https://home.robusta.dev/blog/kubernetes-service-vs-loadbalancer-vs-ingress)

</center>

Videos

??? note "Click to expand!"

<center>

<iframe width="560" height="315" src="https://www.youtube.com/embed/T4Z7visMM4E" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
<iframe width="560" height="315" src="https://www.youtube.com/embed/5cNrTU6o3Fw" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
<iframe width="560" height="315" src="https://www.youtube.com/embed/80Ew_fsV4rM" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
<iframe width="560" height="315" src="https://www.youtube.com/embed/VSn6DPKIhM8?si=pNaN7q9t3UKWaEhK" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>

</center>

Tweets

Click to expand!

Kubernetes is an example of what happens when you have an indefinitely complex network stack and no troubleshooting tools in place.

— Jaana Dogan ヤナ ドガン (@rakyll) November 10, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Let's see how many folks here haven't seen this thread on Kubernetes Networking.

Once again, the thread doesn't try to explain the subject matter in great detail but offers a particular learning order instead.

As usual, based on my personal experience 🔽 pic.twitter.com/pxCWJUxj5j

— Ivan Velichko (@iximiuz) November 28, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

🧵 How does Pod to Pod communication work in Kubernetes?

How does the traffic reach the right Pod?

Let's see 👇 pic.twitter.com/gF2eVWYL4Q

— Daniele Polencic (@danielepolencic) January 31, 2022

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

When your apps receive a ton of traffic, how do you scale your Ingress Controller in Kubernetes?

Here is what I do 👇 pic.twitter.com/T6aYurE7Lj

— Daniele Polencic (@danielepolencic) March 2, 2022

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Should you use a single Kubernetes Ingress controller or multiple?

On Monday 8PT/5CET Andrea will make a convincing case on why multiple controllers are good for

✅ security
✅ segregating team & resources
✅ isolation

Register here (it's free) https://t.co/62oKodt7tQ pic.twitter.com/DWNy0iTYq6

— Learnk8s (@learnk8s) March 13, 2022

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Networking in Kubernetes is arguably the most important piece.

Why?

Because there’s not much you can do in a Kubernetes cluster without proper networking.

A thread 🧵

— Michael Levan 👨🏻‍💻☕️ (@TheNJDevOpsGuy) December 27, 2022

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

How do you deal with peaks of traffic in Kubernetes?

You can use an autoscaler, but how should you configure and test it?

Let's dive into it. pic.twitter.com/AxfEgqyEFW

— Daniele Polencic — @danielepolencic@hachyderm.io (@danielepolencic) April 17, 2023

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

- [Control Plane Load Balancing Explained](https://t0.mirantis.com/control-plane-load-balancing-explained-ad3816837cc0) - *(Related to kubernetes topic)*