#k8s

Replied in a thread

Putting aside the question of *which* node should be advertising a given service via BGP - *what* would it advertise? Services /can/ have multiple IPs but that's not usually the case. It's primarily a single ClusterIP to indirect backends right?

Okay so *somehow* the IP gets advertised but what range do you put on it?

The entire service CIDR sure is convenient but then what? All services hit the same node and get converted to in-cluster IP forwarding? Can you even advertise a range with multiple gateways? Probably. But this is also playing roulette with nodes not having a backend on them. Even if you made the route advertisement only the nodes with backends for the service, it'd be quite a weighty way to do the indirection, and you're now moving that indirection *outside* the cluster - which is cool but seems to violate the idea that services should be internal-only.

@hugo Halp

Thread continued

So the default kubernetes service has no `selector` in spec, which, according to the v1 `Service` spec:

> If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify.

But fetching endpoints (or endpointslices rather) yields none for the default service. This would explain the CNI not doing anything about the Service. Does not explain the lack of service routing for ones that *do* have endpointSlices.

Am I missing some Cilium option to make it manage the endpoint?

www.linkedin.com: #kubernetes #devops #dns #observability #performance #networking #kubedns… | Adam Danko | 24 comments

The Kubernetes default that cost us performance:

In Kubernetes, 'ndots:5' is set by default in '/etc/resolv.conf'. This means every hostname with fewer than 5 dots goes through every search domain - before even trying the actual FQDN.

So when your app tries to resolve 'example.com', it might actually generate multiple DNS queries like:

- 'example.com.svc.cluster.local'
- 'example.com.google.internal'
- 'example.com.cluster.local'
- 'example.com'

Each failed lookup = latency, DNS noise, and pointless retries.

🔍 As Tim Hockin (Kubernetes co-founder) explained back in 2016: “This is a tradeoff between automagic and performance.”

The default 'ndots:5' isn’t about optimization - it's about making things “just work” across SRV records, multi-namespace service lookups, and what were then called PetSets (now StatefulSets). Even if it means triggering multiple DNS lookups before hitting the actual domain. So yes - it comes at a performance cost.

✅ What are the possible workarounds?

- Use FQDNs ("my-service.my-namespace.svc.cluster.local.") - don't forget the trailing dot to skip search paths
- Lower the 'ndots' value with dnsConfig at the pod level or at a wider level using policy engines (Gatekeeper, Kyverno)
- Reduce unnecessary search domains in your cluster setup

🔎 Real-world impact: After lowering ndots, we saw a clear drop in both conntrack table usage and application latency - confirming the reduction in DNS query volume and retries. (Image attached - green, yellow, and blue lines are the nodes with kube-dns on them.)

The impact is most noticeable if your workloads involve:

- Low-latency demands
- Constant DNS resolution

👉 Have you tuned your DNS settings - or just lived with the default? What other Kubernetes defaults have surprised you in production?

(Source of Tim's comment: https://lnkd.in/dBVDeCCD)

#kubernetes #devops #dns #observability #performance #networking #kubedns #coredns #openshift
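The search-list expansion described in the linked post, as an added example that is not part of the post or of any project's code: a simplified Python model of glibc-style resolver ordering. The function names are hypothetical and the search list is constructed from the domains the post quotes.

```python
"""Simplified model of resolv.conf search-list expansion (glibc-style order)."""


def candidate_queries(name, search, ndots=5):
    """Return, in order, the names a stub resolver would query for `name`."""
    # A trailing dot marks the name as fully qualified: the search list is skipped.
    if name.endswith("."):
        return [name]
    absolute = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    # With at least `ndots` dots the literal name is tried first; otherwise
    # every search domain is tried first and the literal name comes last.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]


def lookups_before_literal(name, search, ndots=5):
    """Count the queries sent before the name is tried exactly as written."""
    literal = name if name.endswith(".") else name + "."
    return candidate_queries(name, search, ndots).index(literal)


# Constructed search list, built from the domains quoted in the post.
SEARCH = ["svc.cluster.local", "google.internal", "cluster.local"]

if __name__ == "__main__":
    hosts = [
        "example.com",
        "my-service.my-namespace.svc.cluster.local",
        "my-service.my-namespace.svc.cluster.local.",  # trailing dot
    ]
    for ndots in (5, 1):
        for host in hosts:
            extra = lookups_before_literal(host, SEARCH, ndots)
            print(f"ndots:{ndots} {host}: {extra} search-domain queries first")
            for query in candidate_queries(host, SEARCH, ndots):
                print(f"    {query}")
```

A real resolver stops at the first name that resolves, so the count is the worst case for a name that exists only as written.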

I don't use containerization ( #docker, #k8s or whatever) on my servers, I only use distrib packages or sources of the app I want to install... the old way, so.
Do dockerized applications need more resources? Or is it insignificant?
Usually, I install small servers.