K8S

-

 


So this cluster is using:

----------Shorts------------
3-Master && 8-Worker cluster (172.27.69.36-172.27.69.46)
CNI-Plugin: Calico [*CNI-Container Network Interface]
VXLAN encapsulation (VNIID - 4096, outer ip Node-IPs)
IPVS kube-proxy (Linux IP virtual server)
CSI : Longhorn [*container storage interface]
POD-IP allocated by CNI from POD-CIDR
Service-IP Allocated by kube-apiserver from Service CIDR
Containers : Waiting > Running > Terminated
POD :Pending > Running > Succeeded >Failed >unknown

probes & health-checks
Startup Probe: Indicates application startup, delaying other probes.
Liveness Probe: Checks if a container is running; failure triggers restarts based on restartPolicy.
Readiness Probe: Checks if a container can accept traffic; failure removes the Pod from service endpoints.

Example:
 Liveness:             tcp-socket :kafka-client delay=10s timeout=5s period=20s #success=1 #failure=6
    Readiness:            tcp-socket :kafka-client delay=5s timeout=5s period=10s #success=1 #failure=6
    Startup:              tcp-socket :kafka-client delay=30s timeout=1s period=10s #success=1 #failure=15


Requests & limits
request Guaranteed minimum
limit Maximum allowed
#CPU - request = average & limit = peak (spike - CPU > limit → throttling → latency )
#RAM - request ≈ limit (spike - Memory > limit → OOMKilled → restart)
--------Shorts-----------------

---------
In Kubernetes, IPVS (IP Virtual Server) is a kube-proxy mode that provides high-performance, layer 4 (transport-layer) load balancing for services, specifically designed to address the scalability limitations of the default iptables mode in large clusters. It uses more efficient data structures (hash tables) in the Linux kernel for routing traffic. 
--------

root@ems203-m1:/home/labadmin# kubectl get ippools -o yaml
apiVersion: v1
items:
- apiVersion: crd.projectcalico.org/v1
  kind: IPPool
  metadata:
    annotations:
      projectcalico.org/metadata: '{"creationTimestamp":"2025-10-22T21:37:34Z"}'
    creationTimestamp: "2025-10-22T21:37:34Z"
    generation: 1
    name: default-pool
    resourceVersion: "1348"
    uid: 93629893-8cee-4212-bed1-c472e4cefd37
  spec:
    allowedUses:
    - Workload
    - Tunnel
    blockSize: 26
    cidr: 10.233.64.0/18
    ipipMode: Never
    natOutgoing: true
    nodeSelector: all()
    vxlanMode: Always
kind: List
metadata:
  resourceVersion: ""

root@ems203-m1:/home/labadmin# kubectl cluster-info dump | grep -m1 service-cluster-ip-range
                            "--service-cluster-ip-range=10.233.0.0/18",


root@ems203-m1:/home/labadmin# ip a | grep -A 3 ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:f6:32:7c brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 172.27.69.36/22 brd 172.27.71.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fef6:327c/64 scope link
       valid_lft forever preferred_lft forever
root@ems203-m1:/home/labadmin# ip a | grep -A 3 vxlan.calico
4: vxlan.calico: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 66:1d:ce:65:46:57 brd ff:ff:ff:ff:ff:ff
    inet 10.233.64.64/32 scope global vxlan.calico
       valid_lft forever preferred_lft forever
    inet6 fe80::641d:ceff:fe65:4657/64 scope link
       valid_lft forever preferred_lft forever
root@ems203-w2:/home/labadmin# ip a | grep -A 3 ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:2d:5d:fa brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 172.27.69.40/22 brd 172.27.71.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe2d:5dfa/64 scope link
       valid_lft forever preferred_lft forever
root@ems203-w2:/home/labadmin# ip a | grep -A 3 vxlan.calico
12: vxlan.calico: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 66:27:39:67:b9:64 brd ff:ff:ff:ff:ff:ff
    inet 10.233.101.192/32 scope global vxlan.calico
       valid_lft forever preferred_lft forever
    inet6 fe80::6427:39ff:fe67:b964/64 scope link
       valid_lft forever preferred_lft forever

root@ems203-m1:/home/labadmin# ip route | grep vxlan
10.233.67.192/26 via 10.233.67.192 dev vxlan.calico onlink
10.233.97.64/26 via 10.233.97.64 dev vxlan.calico onlink
10.233.98.64/26 via 10.233.98.64 dev vxlan.calico onlink
10.233.100.128/26 via 10.233.100.128 dev vxlan.calico onlink
10.233.101.128/26 via 10.233.101.128 dev vxlan.calico onlink
10.233.101.192/26 via 10.233.101.192 dev vxlan.calico onlink
10.233.111.192/26 via 10.233.111.192 dev vxlan.calico onlink
10.233.120.192/26 via 10.233.120.192 dev vxlan.calico onlink
10.233.127.64/26 via 10.233.127.64 dev vxlan.calico onlink
10.233.127.128/26 via 10.233.127.128 dev vxlan.calico onlink
root@ems203-m1:/home/labadmin# calicoctl node status
Calico process is running.
The BGP backend process (BIRD) is not running.
Default Value: By default, Calico uses VNI 4096 for its VXLAN overlay.

#registered VTEP IPS
root@ems203-m1:/home/labadmin# kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.annotations.projectcalico\.org/IPv4VXLANTunnelAddr}{"\n"}{end}'
ems203-m1       10.233.64.64
ems203-m2       10.233.100.128
ems203-m3       10.233.111.192
ems203-w1       10.233.67.192
ems203-w2       10.233.101.192
ems203-w3       10.233.127.128
ems203-w4       10.233.97.64
ems203-w5       10.233.120.192
ems203-w6       10.233.101.128
ems203-w7       10.233.98.64
ems203-w8       10.233.127.64
root@ems203-m1:/home/labadmin# bridge fdb show dev vxlan.calico
66:62:8e:1f:5b:9b dst 172.27.69.43 self permanent
66:27:39:67:b9:64 dst 172.27.69.40 self permanent
66:b9:32:4c:3e:8a dst 172.27.69.42 self permanent
66:37:0d:d0:a5:13 dst 172.27.69.37 self permanent
66:15:cb:8b:89:03 dst 172.27.69.46 self permanent
66:41:0c:6a:9d:3f dst 172.27.69.38 self permanent
66:e2:e9:96:9f:82 dst 172.27.69.39 self permanent
66:40:b6:b5:48:59 dst 172.27.69.44 self permanent
66:ae:75:42:69:72 dst 172.27.69.41 self permanent
66:8f:43:dd:a8:2f dst 172.27.69.45 self permanent

##networking (from Worker2's perspective)
-----------------------------
*** each pod creates one namespace & veth pair
----------------------------
What a veth pair looks like in Kubernetes (Calico)

For each pod, Calico creates a veth pair:
[ pod netns ]           [ host netns ]
eth0  <──────────────>  caliXXXXXXXX
eth0 → inside the pod
caliXXXXXXXX → on the node (host)

## same node pod-to-pod
Pod A eth0
 → veth
 → caliXXXX
 → Linux bridge / routing
 → caliYYYY
 → veth
 → Pod B eth0
Different node pod-to-pod
Pod eth0
 → veth
 → caliXXXX
 → vxlan.calico
 → remote node

root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep ems203-w2 | grep -c 10.233.101
24

root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep ems203-w2
ems               borabora-operator-con  1/1     Running     0 2d20h   10.233.101.215   ems203-w2
ems               docker-proxy-7778887f  2/2     Running     0 31d     10.233.101.255   ems203-w2
ems               ems-actor-alarms-proc  1/1     Running     0 2d20h   10.233.101.222   ems203-w2
ems               ems-actor-individual-  1/1     Running     0 2d21h   10.233.101.226   ems203-w2
ems               ems-actor-ipadb-diagn  1/1     Running     0 2d20h   10.233.101.230   ems203-w2
ems               ems-apigw-kong-5b957b  2/2     Running     0 9d      10.233.101.248   ems203-w2
ems               ems-apigw-kong2-7669c  2/2     Running     0 9d      10.233.101.197   ems203-w2
ems               ems-apigw-kong3-57cf4  2/2     Running     0 9d      10.233.101.246   ems203-w2
ems               ems-inventory-plannin  2/2     Running     0 2d20h   10.233.101.251   ems203-w2
ems               ems-mongo-sharded-sha  2/2     Running     0 11d     10.233.101.228   ems203-w2
ems               ems-mongo-sharded-sha  2/2     Running     0 11d     10.233.101.202   ems203-w2
ems               ems-strimzi-controlle  1/1     Running     0 2d21h   10.233.101.210   ems203-w2
ems               ems-vault-1            1/1     Running     0 31d     10.233.101.220   ems203-w2
ems               nemo-physical-invento  1/1     Running     0 2d20h   10.233.101.193   ems203-w2
kube-system       calico-node-xf66h      1/1     Running     1 72d     172.27.69.40     ems203-w2
kube-system       kube-proxy-kpcv9       1/1     Running     1 72d     172.27.69.40     ems203-w2
kube-system       nginx-proxy-ems203-w2  1/1     Running     1 72d     172.27.69.40     ems203-w2
longhorn-system   csi-provisioner-7fd99  1/1     Running     0 31d     10.233.101.243   ems203-w2
longhorn-system   csi-resizer-6c5c96c47  1/1     Running     0 31d     10.233.101.244   ems203-w2
longhorn-system   engine-image-ei-516d8  1/1     Running     1 72d     10.233.101.235   ems203-w2
longhorn-system   instance-manager-47f6  1/1     Running     0 31d     10.233.101.213   ems203-w2
longhorn-system   longhorn-csi-plugin-v  3/3     Running     3 72d     10.233.101.204   ems203-w2
longhorn-system   longhorn-manager-sl86  1/1     Running     2 72d     10.233.101.233   ems203-w2
metal-lb          ems-metallb-speaker-r  1/1     Running     0 2d21h   172.27.69.40     ems203-w2
observability     alertmanager-ems-obse  2/2     Running     0 31d     10.233.101.196   ems203-w2
observability     ems-fluentd-fqkw2      1/1     Running     0 2d20h   10.233.101.227   ems203-w2
observability     ems-observability-met  1/1     Running     0 31d     10.233.101.254   ems203-w2
observability     ems-observability-met  1/1     Running     1 32d     172.27.69.40     ems203-w2
observability     prometheus-ems-observ  3/3     Running     0 31d     10.233.101.201   ems203-w2

root@ems203-w2:/home/labadmin# ip netns     >> for every pod there is one namespace
cni-16b44cd2-be79-1226-e793-b21de25854ec (id: 1)
cni-e554c17d-f7b3-0556-27af-59b6439537ad (id: 14)
cni-22636b6a-bd96-c944-31e1-359cf3584c00 (id: 23)
cni-9665d23e-74cc-713d-d4fb-4b8875a4df47 (id: 16)
cni-7e6de89b-14fe-9a9d-93ce-52b60417816d (id: 12)
cni-0f55d5e6-6701-db32-d43d-01455ebd418f (id: 11)
cni-dddc8902-44a4-9fac-8444-9b2195ebe076 (id: 21)
cni-75507301-1e8b-9938-7e85-f682d2824953 (id: 10)
cni-6ac17040-6903-edae-8d08-3ef8070bca3a (id: 19)
cni-8f0bdb30-8238-0856-9ed8-b0a00aced70f (id: 17)
cni-0b4940d4-5367-bc02-f46d-b8d1de393307 (id: 0)
cni-9f7608ab-b1f5-3b27-e0d6-a7a2c9674959 (id: 15)
cni-d06aa35b-b00d-2f47-a731-15a5b7253dfd (id: 4)
cni-9ac5ed03-a60b-b12c-30de-3f4f1bdbaff9 (id: 13)
cni-5cfad411-6821-68c7-94ad-11389718ae12 (id: 6)
cni-6a7332e2-e035-5694-5ad4-c7d702ae5a55 (id: 2)
cni-a0dba22d-a18d-d062-be37-3ec5afd1c1e8 (id: 25)
cni-393b5f46-ce4d-4b3c-9534-866ce28aeb55 (id: 24)
cni-37cd7fc2-fc57-3701-5376-e5ce17227118 (id: 22)
cni-276ff20b-a39e-5f95-9b72-8b337d0f62e1 (id: 9)
cni-7eb3609f-194b-01e8-2cd5-bc0bfa0b4916 (id: 8)
cni-b283c2ed-7b25-657e-5d9d-b78680516442 (id: 7)
cni-733ddcba-b3f5-f981-c892-7d18287fcd5e (id: 5)
cni-4490cc3b-01b3-bc9f-6e8e-079d636fb36f (id: 3)
root@ems203-w2:/home/labadmin# ip netns | wc -l
24

root@ems203-w2:/home/labadmin# ip netns exec cni-16b44cd2-be79-1226-e793-b21de25854ec ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if1268: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether d6:f4:84:0c:5f:69 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.233.101.193/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::d4f4:84ff:fe0c:5f69/64 scope link
       valid_lft forever preferred_lft forever
   
eth0@if1268  <──── veth ────>  cni-16b44cd2-be79-1226-e793-b21de25854ec   

All About Kubernetes Services 

1.Type-ClusterIP
kubectl describe svc ad-proxy -n ems
ClusterIP: 10.233.12.43
Port:      8636
TargetPort: proxy-port → 8636
Endpoint:  10.233.127.106:8636

Now look at IPVS output 
TCP  10.233.12.43:8636 rr
  -> 10.233.127.106:8636  Masq  1  0  0

MeaningField                     Meaning
10.233.12.43:8636         ClusterIP + ServicePort
rr                                Round-robin scheduler
10.233.127.106:8636 Pod IP + container port
Masq                        SNAT (default kube-proxy behavior)

ClusterIP services are implemented as IPVS virtual servers


2.NodePort
TCP  172.27.69.36:30312 rr
  -> 10.233.101.197:9000
  -> 10.233.127.66:9000
  -> 10.233.127.184:9000
This is a NodePort service
Part           Meaning
172.27.69.36   Node IP
30312           NodePort
Backend ports   Pod targetPort

Traffic flow
Client
  |
  | NodeIP:30312
  |
IPVS virtual server
  |
  | RR
  |
Pods :9000

How kube-proxy (IPVS) builds this internally
For every Service, kube-proxy creates:
A) IPVS virtual server
<service IP>:<service port>
B) Real servers
<pod IP>:<targetPort>
C) Optional extras
NodePort → NodeIP:NodePort
LoadBalancer → ExternalIP:Port
SessionAffinity → persistent 10800

Final mental model (VERY IMPORTANT)
Think like this:
kubectl Service
     ↓
kube-proxy
     ↓
IPVS Virtual Server
     ↓
Endpoint Pods

Mapping table
Kubernetes IPVS
ClusterIP 10.x.x.x:port
NodePort NodeIP:3xxxx
Pod PodIP:targetPort
Service LB Round-robin
sessionAffinity persistent

Interview-grade explanation (short)
In IPVS mode, kube-proxy programs Linux IPVS.
Each Kubernetes Service becomes an IPVS virtual server, and each Pod endpoint becomes a real server.
NodePort and LoadBalancer services create additional virtual servers on node or external IPs that forward to the same pod backends.


All About DNS

root@ems203-m1:/home/labadmin# kubectl get svc -n kube-system coredns
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
coredns   ClusterIP   10.233.0.3   <none>        53/UDP,53/TCP,9153/TCP   72d

root@ems203-m1:/home/labadmin#
#all service FQDN
kubectl get svc -A -o custom-columns="NAME:.metadata.name,NAMESPACE:.metadata.namespace,IP:.spec.clusterIP" | awk 'NR>1 {print $1"."$2".svc.cluster.local -> "$3}'

kubernetes.default.svc.cluster.local -> 10.233.0.1
a4-credential-manager.ems.svc.cluster.local -> 10.233.48.36
a4-credential-manager-authorized.ems.svc.cluster.local -> 10.233.6.130
ad-proxy.ems.svc.cluster.local -> 10.233.12.43
longhorn-admission-webhook.longhorn-system.svc.cluster.local -> 10.233.62.118
longhorn-backend.longhorn-system.svc.cluster.local -> 10.233.42.81
longhorn-conversion-webhook.longhorn-system.svc.cluster.local -> 10.233.5.229

#All POD FQDN
kubectl get pods -A -o custom-columns="IP:.status.podIP,NAMESPACE:.metadata.namespace" | awk 'NR>1 {gsub(/\./,"-",$1); print $1"."$2".pod.cluster.local"}'
10-233-127-160.ems.pod.cluster.local
10-233-127-106.ems.pod.cluster.local
10-233-67-193.ems.pod.cluster.local
10-233-12-43.ems.pod.cluster.local
172-27-69-39.metal-lb.pod.cluster.local
10-233-127-159.observability.pod.cluster.local
10-233-101-196.observability.pod.cluster.local

#how to verify
root@ems203-m1:/home/labadmin# kubectl exec -i dns-test -- nslookup 10-233-97-98.ems.pod.cluster.local
Server:    10.233.0.3
Address 1: 10.233.0.3 coredns.kube-system.svc.cluster.local
Name:      10-233-97-98.ems.pod.cluster.local
Address 1: 10.233.97.98 10-233-97-98.ems-forward-proxy.ems.svc.cluster.local

root@ems203-m1:/home/labadmin# kubectl exec -i dns-test -- nslookup 10.233.97.98
Server:    10.233.0.3
Address 1: 10.233.0.3 coredns.kube-system.svc.cluster.local
Name:      10.233.97.98
Address 1: 10.233.97.98 10-233-97-98.ems-forward-proxy.ems.svc.cluster.local
root@ems203-m1:/home/labadmin#


















EXTRAAAA


--------------

root@ems203-w2:/home/labadmin# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.27.69.40:30312 rr
  -> 10.233.101.197:9000          Masq    1      0          0
  -> 10.233.127.66:9000           Masq    1      0          0
  -> 10.233.127.184:9000          Masq    1      0          0
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.101.197
ems               ems-apigw-kong2-7669c84778-v5wbg                                  2/2     Running     0             10d     10.233.101.197   ems203-w2   <none>           <none>
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.127.66
ems               ems-apigw-kong2-7669c84778-gkz9b                                  2/2     Running     0             10d     10.233.127.66    ems203-w8   <none>           <none>
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.127.184
ems               ems-apigw-kong2-7669c84778-2jzw4                                  2/2     Running     0             10d     10.233.127.184   ems203-w3   <none>           <none>
root@ems203-m1:/home/labadmin#

kubectl get endpoints -A -o wide
kubectl get svc -A -o wide

SVC type
1.ClusterIp
2.NodePort
3.LoadBalancer
#1.ClusterIP
root@ems203-m1:/home/labadmin# kubectl describe svc nemo-adapter -n ems
Name:              nemo-adapter
Namespace:         ems
Labels:            app.kubernetes.io/instance=nemo-adapter
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=nemo-adapter
                   app.kubernetes.io/version=1.20.0-55165626
                   helm.sh/chart=nemo-adapter-1.20.0-55165626
Annotations:       konghq.com/connect-timeout: 1800000
                   konghq.com/protocol: http
                   konghq.com/read-timeout: 1800000
                   konghq.com/write-timeout: 1800000
                   meta.helm.sh/release-name: nemo-adapter
                   meta.helm.sh/release-namespace: ems
Selector:          app.kubernetes.io/instance=nemo-adapter,app.kubernetes.io/name=nemo-adapter
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.233.22.200
IPs:               10.233.22.200
Port:              http  80/TCP
TargetPort:        http/TCP
Endpoints:         10.233.101.131:8080,10.233.67.255:8080,10.233.98.95:8080
Session Affinity:  None
Events:            <none>
root@ems203-m1:/home/labadmin# kubectl get svc -A -o wide | grep nemo-adapter
NAMESPACE  NAME         TYPE      CLUSTER-IP      EXTERNAL-IP    PORT(S)   AGE    SELECTOR
ems        nemo-adapter ClusterIP 10.233.22.200   <none>         80/TCP    72d    app.kubernetes.io/instance=nemo-adapter,app.kubernetes.io/name=nemo-adapter
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.101.131
ems  nemo-adapter-789fb44447-5g6fn  2/2     Running     0  3d1h    10.233.101.131   ems203-w6   <none>           <none>
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.67.255
ems               nemo-adapter-789fb44447-mvpnz                                     2/2     Running     0             3d1h    10.233.67.255    ems203-w1   <none>           <none>
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.98.95
ems nemo-adapter-789fb44447-chmp8  2/2     Running     0  3d1h    10.233.98.95     ems203-w7   <none>           <none>




#2.Nodeport
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
spec:
  type: NodePort
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
    nodePort: 30080
#3.Loadbalancer
root@ems203-m1:/home/labadmin# kubectl describe svc ems-apigw-kong-proxy -n ems
Name:                     ems-apigw-kong-proxy
Namespace:                ems
Labels:                   app.kubernetes.io/instance=ems-apigw-kong
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=kong
                          app.kubernetes.io/version=3.9
                          enable-metrics=true
                          helm.sh/chart=kong-2.48.0
Annotations:              meta.helm.sh/release-name: ems-apigw-kong
                          meta.helm.sh/release-namespace: ems
                          metallb.universe.tf/address-pool: kong
                          metallb.universe.tf/allow-shared-ip: 172.27.69.57
                          metallb.universe.tf/ip-allocated-from-pool: kong
                          metallb.universe.tf/loadBalancerIPs: 172.27.69.57
Selector:                 app.kubernetes.io/component=app,app.kubernetes.io/instance=ems-apigw-kong,app.kubernetes.io/name=kong
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.233.15.161
IPs:                      10.233.15.161
LoadBalancer Ingress:     172.27.69.57
Port:                     kong-proxy  80/TCP
TargetPort:               8000/TCP
NodePort:                 kong-proxy  30379/TCP
Endpoints:                10.233.101.248:8000,10.233.127.148:8000,10.233.98.100:8000
Port:                     kong-proxy-tls  443/TCP
TargetPort:               8443/TCP
NodePort:                 kong-proxy-tls  32290/TCP
Endpoints:                10.233.101.248:8443,10.233.127.148:8443,10.233.98.100:8443
Port:                     stream-9000  9000/TCP
TargetPort:               9000/TCP
NodePort:                 stream-9000  31783/TCP
Endpoints:                10.233.101.248:9000,10.233.127.148:9000,10.233.98.100:9000
Port:                     stream-9443  9443/TCP
TargetPort:               9443/TCP
NodePort:                 stream-9443  31219/TCP
Endpoints:                10.233.101.248:9443,10.233.127.148:9443,10.233.98.100:9443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason        Age                  From             Message
  ----    ------        ----                 ----             -------
  Normal  nodeAssigned  55m (x17 over 3d2h)  metallb-speaker  announcing from node "ems203-w8" with protocol "layer2"

root@ems203-m1:/home/labadmin# kubectl get svc -A | grep Load
ems               ems-apigw-kong-proxy                                   LoadBalancer   10.233.15.161   172.27.69.57   80:30379/TCP,443:32290/TCP,9000:31783/TCP,9443:31219/TCP   72d
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.101.248
ems               ems-apigw-kong-5b957b6fdd-t2wwd                                   2/2     Running     0             10d     10.233.101.248   ems203-w2   <none>           <none>
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.127.148
ems               ems-apigw-kong-5b957b6fdd-zqsh9                                   2/2     Running     0             10d     10.233.127.148   ems203-w3   <none>           <none>
root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep 10.233.98.100
ems               ems-apigw-kong-5b957b6fdd-ch5kq                                   2/2     Running     0             10d     10.233.98.100    ems203-w7   <none>           <none>
root@ems203-m1:/home/labadmin#







Comments

Post a Comment

Popular posts from this blog

gNMI_with_grafana on containerlabs

-
Image
  root@digi-oss:/home/labadmin/mohan/2jan26_grafana# cat sr_lab.clab.yml name: sr_lab topology:   nodes:     sr1 : {kind: nokia_srlinux, image: ghcr.io/nokia/srlinux:latest, startup-config: sr1.cfg}     sr2 : {kind: nokia_srlinux, image: ghcr.io/nokia/srlinux:latest, startup-config: sr2.cfg}     # gNMIc Collector     gnmic:       kind: linux       image: ghcr.io/openconfig/gnmic:latest       binds: [gnmic-config.yml:/app/gnmic-config.yml:ro]       cmd: "--config /app/gnmic-config.yml subscribe"     # Prometheus TSDB     prometheus:       kind: linux       image: prom/prometheus:latest       binds: [prometheus.yml:/etc/prometheus/prometheus.yml:ro]       ports: ["9090:9090"]     # Grafana Visualization     grafana:       kind: linux       image: grafa...
Read more

EVPN Route type-1 & type-4 in action

-
Image
 Route Type 1: Ethernet Auto-Discovery (A-D) A Type 1 route is advertised by a PE router on a per-Ethernet Segment Identifier (ESI) basis. It is triggered by the presence of a multihomed connection.  Purpose of Type 1 routes Aliasing:  In an all-active multihoming setup, a Type 1 route informs remote PE routers that an Ethernet segment is reachable via multiple PEs. This allows for load-balancing traffic to the same customer device over multiple paths. Fast convergence (Mass MAC Withdrawal):  If a local link to a multihomed customer device fails, the PE sends a withdrawal message for the Type 1 route. Remote PEs can then withdraw all MAC addresses associated with that Ethernet segment, instead of waiting for individual MAC withdrawals, which speeds up convergence. Split-horizon filtering:   The route carries an ESI label to prevent traffic loops in all-active mode. A PE router won't forward broadcast, unknown unicast, and multicast (BUM) traffic back to its sour...
Read more

BGP EVPN TYPE-1 & TYPE-4 in action

-
  🧠 Quick Recap Before Type-4 When an ESI (Ethernet Segment Identifier) is configured on dual-homed leafs: Each leaf advertises: ✅ Type-1 Per-ESI → ESI discovery & mass withdrawal ✅ Type-1 Per-EVI → VLAN (EVI) participation, per-VLAN control Remote VTEPs use these to know who shares the ESI. Now, to decide which leaf forwards BUM traffic (Broadcast, Unknown, Multicast) for each VLAN, they use Type-4 routes . ⚙️ What is a Type-4 Route? Route Type Name Purpose Type-4 Ethernet Segment Route (ES Route) Used for DF election between PEs sharing the same ESI 🔹 Content of Type-4 Route Each PE advertising a shared ESI sends: EVPN Type-4 Route ----------------- - ESI: 0000:0000:0000:0000:000010 - Originating Router’s IP (VTEP IP) - Route Distinguisher - Next Hop: VTEP IP - Extended Communities: - ES-Import RT (derived from ESI) - DF Algorithm (RFC7432 or RFC8584) 🧭 Putting It Together (Flow of Events) Let’s take this topology again: ...
Read more