Simplifying Cloud Networking with Kubernetes Services


Summary

Simplifying cloud networking with Kubernetes services means making it easier to connect, secure, and manage applications running in cloud or hybrid environments. Kubernetes uses an abstraction called a Service to organize how workloads talk to each other, both inside the cluster and from outside, so everything stays reliable and easy to troubleshoot.

  • Clarify traffic flow: Map out how requests move into and between Kubernetes clusters to help pinpoint where issues might occur.
  • Automate configuration: Use available platforms and blueprints to set up networking rules and load balancing without manual steps.
  • Consider service mesh: Explore tools that add security and visibility for multi-cluster setups without needing a sidecar proxy alongside each app.
Summarized by AI based on LinkedIn member posts
  • ☁ Richard Hooper

    Principal Cloud Architect @ Intercept | Azure Kubernetes Service (AKS) | Azure MVP | Author

    8,560 followers

    🚀 New blog post: Azure Kubernetes Application Network is now in preview, and it's worth paying attention to.

    If you're running multiple AKS clusters and dealing with the cross-cluster networking headache - service discovery, mTLS across boundaries, traffic shifting between versions in different clusters - this is Microsoft's answer to that problem. It's a fully managed, ambient-mode service mesh (no sidecars!) that spans multiple AKS clusters with a shared trust boundary and a single control plane you don't have to operate.

    In my latest post I cover:
    ✅ How the architecture actually works (management, control, and data plane)
    ✅ Step-by-step setup with real commands
    ✅ Making services global across clusters
    ✅ Traffic shifting, L4/L7 auth policies, and JWT-based routing
    ✅ What to watch out for before you dive in

    It's preview, so not for production yet - but it's worth standing up in dev now if multi-cluster AKS is on your roadmap.

    👉 https://lnkd.in/e63CJdKG

    #Azure #AKS #Kubernetes #ServiceMesh #Istio #CloudNative #DevOps

  • Mohan Atreya

    Chief Product Officer

    5,158 followers

    Kubernetes Load Balancing for Bare Metal & Hybrid Environments – Now Simplified!

    Exposing Kubernetes services externally in on-prem or hybrid environments has always been tricky—until now. Learn how you can implement a powerful, cloud-independent load balancing solution using Cilium’s BGP support combined with Rafay’s platform automation.

    With this setup:
    ✅ No dependency on cloud load balancers
    ✅ Native LoadBalancer service support using BGP
    ✅ Seamless integration with upstream routers
    ✅ Declarative automation using Rafay blueprints & add-ons
    ✅ Scalable, production-ready for enterprise data centers

    This approach lets you advertise Kubernetes Service IPs directly to external routers, making your services immediately reachable from outside the cluster—perfect for bare metal, air-gapped, or hybrid cloud environments.

    We also published a step-by-step guide to help you deploy and test this in your own environment including:
    - IP pool allocation
    - BGP peering
    - Live validation with a simple nginx workload

    📎 Curious how this works or want to try it out? Here are resources for more details:
    Introductory Blog: https://lnkd.in/gc_YVr7v
    Get Started: https://lnkd.in/gBKi5Z85

    #Kubernetes #Cilium #LoadBalancer #DevOps #Rafay #BGP #HybridCloud #OnPrem #CloudNative #CNIs #PlatformEngineering

  • Shruthi Chikkela

    Azure Cloud & DevOps Engineer | I Build, Automate & Scale with Kubernetes, Azure & Terraform | Supporting 15K+ Tech Community

    16,361 followers

    How Traffic Actually Moves Inside Kubernetes

    There are only two directions traffic can move:
    North–South → from outside the cluster into it
    East–West → between services inside the cluster
    Everything else is just implementation detail.

    North–South: When a User Hits Your App

    A request doesn’t magically “reach a pod.” It passes through layers each with a very specific responsibility.

    First, an Ingress or Gateway receives the request. This is your traffic front door, it handles host rules, paths, TLS termination.

    Then the request hits a Service. The Service is not your app. It’s a stable virtual endpoint that hides the fact that Pods come and go.

    Behind the Service, kube-proxy programs routing rules (iptables/IPVS) so traffic is forwarded to one of the healthy Pods.

    The Pod itself has a real IP assigned by the CNI plugin (like Calico or Cilium). That CNI integrates with the Linux kernel networking stack and ensures packets actually move between nodes.

    Underneath all of it? Just standard Linux networking and your cloud/VPC infrastructure. Nothing mystical. Just layers doing one job each.

    East–West: Service-to-Service Communication

    Inside the cluster, things are cleaner. When one service calls another:
    - DNS (CoreDNS) resolves the Service name
    - Traffic goes to the Service IP
    - kube-proxy forwards it to a backing Pod
    - CNI ensures packets can travel node-to-node

    Kubernetes follows a flat network model: Every Pod gets its own IP. Every Pod can reach every other Pod (unless restricted by NetworkPolicy).

    If you use a Service Mesh, you’re adding observability, mTLS, retries but the underlying routing model stays the same.

    The Mental Model That Changes Everything

    Think of Kubernetes networking as three stacked layers:
    Abstraction layer → Ingress & Services
    Routing layer → kube-proxy rules
    Connectivity layer → CNI + Node networking

    When something breaks, the issue is almost always in one of those three. Once you see that separation clearly, debugging stops feeling random.

    Kubernetes networking isn’t complicated. It’s just layered and very opinionated. Understand the flow once, and the black box disappears.

    If this made Kubernetes networking click for you, consider reposting so it clicks for someone else too. Follow Shruthi Chikkela for more insights

    #Kubernetes #CloudNative #DevOps #PlatformEngineering #Microservices #CloudArchitecture #CNI #Networking #SRE #TechLeadership #Learnwithshruthi #careerbytecode #Linkedin
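
The flat network model described in the post above (every Pod reaches every other Pod unless a NetworkPolicy restricts it), as an added example that is not part of the original post: a simplified Python model of how ingress NetworkPolicies change east–west reachability. Pod names, labels and policies are constructed; it assumes ingress-only policies with same-namespace `podSelector` peers, and leaves out ports, `namespaceSelector` and `ipBlock`.

```python
# Added example: simplified model of NetworkPolicy ingress evaluation.
# All pods, labels and policies below are constructed for illustration.

def selects(selector, labels):
    """An empty selector ({}) matches every pod; otherwise all pairs must match."""
    return all(labels.get(k) == v for k, v in selector.items())

def ingress_allowed(src, dst, policies):
    """Return True if traffic from pod src to pod dst is admitted."""
    applicable = [p for p in policies
                  if p["namespace"] == dst["namespace"]
                  and selects(p["podSelector"], dst["labels"])]
    if not applicable:
        return True   # flat model: no policy selects dst, so all sources are allowed
    for policy in applicable:          # policies are additive (union of allows)
        for rule in policy["ingress"]:
            peers = rule.get("from")
            if not peers:
                return True            # a rule without "from" admits every source
            for peer in peers:
                if (src["namespace"] == dst["namespace"]
                        and selects(peer["podSelector"], src["labels"])):
                    return True
    return False      # dst is isolated and no rule admitted src

PODS = {  # constructed sample workload in one namespace
    "web":   {"namespace": "shop", "labels": {"app": "web"}},
    "api":   {"namespace": "shop", "labels": {"app": "api"}},
    "db":    {"namespace": "shop", "labels": {"app": "db"}},
    "batch": {"namespace": "shop", "labels": {"app": "batch"}},
}

# Empty podSelector + no ingress rules: isolates every pod in the namespace.
DEFAULT_DENY = {"namespace": "shop", "podSelector": {}, "ingress": []}
# Narrow allow: only pods labelled app=api may reach pods labelled app=db.
ALLOW_API_TO_DB = {"namespace": "shop", "podSelector": {"app": "db"},
                   "ingress": [{"from": [{"podSelector": {"app": "api"}}]}]}

def reachability(policies):
    """Set of (src, dst) pod-name pairs admitted under the given policies."""
    return {(s, d) for s in PODS for d in PODS
            if s != d and ingress_allowed(PODS[s], PODS[d], policies)}

if __name__ == "__main__":
    for name, pols in [("no policy", []),
                       ("allow only", [ALLOW_API_TO_DB]),
                       ("default-deny + allow", [DEFAULT_DENY, ALLOW_API_TO_DB])]:
        print(f"{name}: {sorted(reachability(pols))}")
```

The "allow only" case shows why a default-deny policy matters: the allow rule isolates just `db`, while every other pod stays reachable from everywhere.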
