- Terms A domain name (or just “domain”) is a string the form bar.foo.com.. Not all domains refer to physical ...
- Kind offers an excellent UX to Kubernetes developers but lacks support for caching images; each time you recreate a new cluster, all the previous downloaded images are gone. In this post, I explain why the default Docker network is a trap and how to set up a registry & make sure that it actually works.
- Mitmproxy is an excellent tool that helps us understand what network calls are made by programs. And kubectl is one of these interesting programs, but it uses a mutual TLS authentication which is tricky to get right.
- In one of my previous posts, I studied how traffic flows when using Kubernetes Services. While drawing the last diagram, I did not clearly see how traffic could make its way back to the user. In this post, I focus on how packets find their way back and what makes stateless rewriting interesting.
- The Service and Ingress respectively brings L4 and L7 traffics to your pods. In this article, I focus on how traffic flows in and what are the interactions between the ingress controller and the "service-lb controller" (the thing that creates the external load balancer). I also detail how the `hostPort` approach shapes traffic.
- Some pods were unable to connect to the kube-proxy pod on one of my GKE Kubernetes clusters. This post present an in-depth investigation using tcpdump, wireshark and iptables tracing.
- I want to avoid using the expensive Google Network Load Balancer and instead do the load balancing in-cluster using akrobateo, which acts as a LoadBalancer controller.