Skip to content

Instantly share code, notes, and snippets.

@collinvandyck

collinvandyck/k8s load balancing using iptables.md

Last active November 30, 2025 14:01
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save collinvandyck/77ef72702ae130a49e8a67030ed7f749 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save collinvandyck/77ef72702ae130a49e8a67030ed7f749 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
k8s load balancing using iptables.md

Setup

Scale static sites deployment to two replicas

kc scale --replicas=2 -n static-sites deploy/static-sites

iptables rules

kube-proxy added these rules to load balance between them:

➜ sudo iptables -t nat -L KUBE-SERVICES -n -v | rg static-sites
    0     0 KUBE-SVC-D3W7O6L4TBOTDF5H  6    --  *      *       0.0.0.0/0            10.43.191.69         /* static-sites/static-sites:http cluster IP */ tcp dpt:80
~
➜ sudo iptables -t nat -L KUBE-SVC-D3W7O6L4TBOTDF5H -n -v
Chain KUBE-SVC-D3W7O6L4TBOTDF5H (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 KUBE-MARK-MASQ  6    --  *      *      !10.42.0.0/16         10.43.191.69         /* static-sites/static-sites:http cluster IP */ tcp dpt:80
    0     0 KUBE-SEP-F47JVEZV36JZ7UAP  0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* static-sites/static-sites:http -> 10.42.0.224:8080 */ statistic mode random probability 0.50000000000
    0     0 KUBE-SEP-TML3SZGGHMDHZV5V  0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* static-sites/static-sites:http -> 10.42.0.47:8080 */
~

The first rule redirects traffic coming from outside the pod network to go back through the NAT. The next two rules do the load balancing:

  • statistic mode random probability 0.50000000000: 50% of the traffic
  • the next rule just gets the remainder (also 50%)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment