Great video! This is the best and most complete explanation of what kube-proxy is and how load balancing modes (iptables, ipvs) work in Kubernetes. Thank you for providing these exceptional courses to tech professionals!
Hi Bijan, thank you very much for the kind words. Glad it was helpful!
At 13:26
I believe the endpoints that got saved in ETCD should be pod IPs (172.16.9.68, 172.16.9.144), correct?
Also, thank you so much for such a great video, from which I've learned a lot.
Hi, my apologies for the late response, your post had been flagged as spam due to the IP addresses in the content. You are right, that is a typo. Thanks for noticing it and glad you found it helpful.
This is the best kubernetes series on the internet.
Thanks, glad you found them helpful.
very useful video on IPVS :), thank you very much😍
Glad it was helpful!
Your videos are really great and very helpful, could not find any better than this on YouTube to understand Kubernetes networking in depth. Can you please create some videos on Kubernetes troubleshooting as well?
Is it possible to set up different IPVS load balancing algorithms for different services?
Hi,
If you mean outside Kubernetes, the answer is yes. For Kubernetes, it is set at the cluster level, so you won't be able to change the load balancing algorithm at the service level.
Hi, I have a question at 19:20, why src and source of DNAT are both 0.0.0.0/0?
Hi, all zeroes mean any. So that means the rule applies from any source to any destination.
This course is simply exceptional... Such in-depth knowledge, and simple explanation to cover every detail, is out of this world...
Thank you for the great video!
I'd have a question regarding the fall-back on iptables. Could you provide some details on why ipvs mode cannot handle e.g. NodePort type service? Does this mean that the load balancing also reverts to the default used with iptables, or does ipvs still handle that part, and just uses iptables for e.g. SNAT?
Thanks a lot!
Hi, thank you, and glad you found it helpful. IPVS is incapable of SNAT and masquerading; in those situations, the SNAT/Masquerading rules are saved in rule tables known as "IPSET". Please note the following:
1- IPSets are indexed, so unlike regular IPTable rules, they are not sequentially processed. In other words, they are a magnitude more performant than IPTable rules.
2- As stated earlier, only SNAT/Masquerading rules are saved in IPSet tables, so the performance hit when the service is consumed externally is really negligible.
@@TheLearningChannel-Tech Thank you so much for the reply! Just for completeness, I tested it and the load balancing algorithms of ipvs work even in the fall-back cases :)
@@dorle3046 Great, thanks for testing and providing feedback!
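One way to check on a node which scheduler each IPVS virtual service uses, including NodePort entries, is to summarise `ipvsadm -Ln` output. This is an added example, not from the video or any commenter; the sample output, ports, ClusterIP and node IP are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Summarise `ipvsadm -Ln` output: one line per virtual service with
# "<proto>/<address:port> <scheduler> <number of real servers>".
ipvs_summary() {
  awk '
    $1 == "TCP" || $1 == "UDP" || $1 == "SCTP" {
      if (svc != "") print svc, sched, n
      svc = $1 "/" $2; sched = $3; n = 0
      next
    }
    # Real-server rows start with "->"; skip the column header row.
    $1 == "->" && $2 != "RemoteAddress:Port" { n++ }
    END { if (svc != "") print svc, sched, n }
  '
}

# Succeeds only if every virtual service uses the expected scheduler
# (kube-proxy applies one IPVS scheduler to the whole cluster).
ipvs_scheduler_is_uniform() {
  expected=$1
  ipvs_summary | awk -v want="$expected" \
    '$2 != want { bad = 1 } END { exit (bad ? 1 : 0) }'
}

# Constructed sample: one service seen on its ClusterIP and on a NodePort.
# The pod IPs are the endpoint addresses mentioned in the comments.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.96.120.15:80 rr
  -> 172.16.9.68:8080             Masq    1      0          0
  -> 172.16.9.144:8080            Masq    1      0          0
TCP  192.168.1.21:30080 rr
  -> 172.16.9.68:8080             Masq    1      0          0
  -> 172.16.9.144:8080            Masq    1      0          0'

printf '%s\n' "$SAMPLE_IPVS" | ipvs_summary
# On a real node (requires root): ipvsadm -Ln | ipvs_summary
```

A NodePort line that still lists the pod IPs as real servers under the configured scheduler shows IPVS doing the load balancing there, with iptables and ipset used only for the masquerade rules.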
perfect demonstration
I genuinely wonder how well IPVS works in production though, because very few shops will run thousands of services on a single cluster, so I am dubious as to how reliable the integration is on the k8s side given how open source k8s is?
Hi,
IPVS has been part of Linux Kernel for quite some time now and is widely used in prod. The CNI providers such as Cilium are moving towards a newer technology called eBPF, here is a link to a video where I go into details: ruclips.net/video/aLq3O3l2LF4/видео.html
@@TheLearningChannel-Tech Thanks, Gary! I've watched your Cilium video, but thank you for the tip, that's very helpful.
Awesome stuff. The colors though - they are killing my eyes...
Real deep dive on ipvs and k8s svc. Thank you for making an insightful video and sharing it.
Awesome stuff!!
Thanks, Gary, for this wonderful series of tech videos. I would like to ask you to make some more in-depth discussion on api server and control manager.
Thx
May I know how we can block the outgoing traffic to an IP address using iptables?
Hi, this is a good resource: www.budgetvm.com/kb/ip-tables-block-ip/#:~:text=To%20block%20outgoing%20traffic%20to%20a%20specific%20IP%2C,way%2C%20you%20can%20block%20a%20range%2Fsubnet%20of%20IPs.?msclkid=f41b0ac2cf9511ec9c6debb654344409
Great video. Very detailed and clear explanation. Thank you
Wow, amazing content, thanks for sharing your knowledge, really appreciate it.
Many thanks! Glad you found them helpful.
Absolutely the best series on K8s working principles and scenarios on the internet!
Thank you!
Thank you, sir! Please keep releasing new tutorials!
Great job. Not easy to pull off such great content with so much depth.
This feels like a college course. I feel like I should be paying money.
Thanks, there is a Thank you $ button below the video screen that you can use to contribute if you wish.
Great content, as usual, thanks Gary.
Great video. Rare to find such a detailed tutorial on an advanced topic. Would you please consider an in-depth Kubernetes security topic or series as well?
Hi and thanks for your comment!
I already have some videos on Kubernetes network security policies that you can view on this playlist: ruclips.net/p/PLSAko72nKb8QOVoWZqgn4mCCpfGFZZlEI
I'll be adding more Kubernetes operational security videos in the future.
Marvelous..
I always first like and then watch. Great videos
Hi Mohamed, thank you very much, greatly appreciate your kind words!
Great content, as usual, thanks Gary.
Thank you, Alex, much appreciated!
great video with clear explanation and good demo
Thank you!
Great video thanks a bunch
Hi Marc, thanks very much!
Great video!
Glad you enjoyed it
Great!!!!! just want to learn those things !
Hi Tracy, Thank you very much! If you have other Kubernetes topics that you would like a video on, please post. My mind reading abilities are limited, LOL!
@@TheLearningChannel-Tech LOL your videos are very very helpful and comprehensive. Sure ! I will share with you when I have some other topics!
@@tracylee8446 Thank you, Tracy.
Great video! I have a question: will kube-proxy in iptables mode do round-robin? I think it's random.
Hi Sri, round-robin is actually the only supported mode in iptables mode. The first POD is selected at random, but from then on other PODs are selected in a round-robin fashion.
Anyways, you give a detailed explanation for everything. We smoothly changed our cluster to IPVS mode following your video,
and there is no latency now. Thanks again.
@@sriteja2510 Great, thanks for the comments and feedback!