
How to Break your Kubernetes Cluster with Networking

Author: Thomas Graf


Summary

The presentation discusses the potential ways to break a Kubernetes cluster with networking and provides anecdotes and examples to illustrate the points.
  • Kubernetes networking is simple and generally works well, but there are potential dark sides to it
  • DNS is a critical component of Kubernetes networking and can be a source of issues
  • Other potential issues include unreliable network protocols, DNS rate-limiting, network policy side effects, NodePort surprises, MTU and Kubernetes, effects of Kubernetes networking on distributed databases, network rate-limiting effects, bootstrapping race conditions, unexpected service behavior, and sudden breakages at scale
  • The presentation draws on the experience of the speaker and their work with users of the Cilium CNI plugin for Kubernetes
The speaker gives an example of a common Kubernetes DNS issue: the default ndots setting in the pod's resolv.conf can cause problems with service discovery if it is not configured correctly.
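To illustrate the ndots point, here is a small model of glibc-style search-path expansion; it is an added example, not code from the talk or from the Cilium project. The search list and `ndots:5` below mirror the default pod resolv.conf for a pod in namespace `default`; the host names queried are constructed samples.

```python
"""Model of the search-path expansion a glibc-style stub resolver performs,
driven by the `ndots` option. It shows why Kubernetes' default
`options ndots:5` turns one external lookup into several DNS queries."""

# Default pod resolv.conf for a pod in namespace "default" (constructed sample
# matching the cluster defaults: search list plus options ndots:5).
K8S_SEARCH = ["default.svc.cluster.local", "svc.cluster.local", "cluster.local"]
K8S_NDOTS = 5


def expand_queries(name: str, search: list[str], ndots: int) -> list[str]:
    """Return the absolute names a stub resolver would query, in order, for
    `name` under the given search list and ndots threshold (one record type;
    a real resolver may double this by asking for both A and AAAA)."""
    if name.endswith("."):
        # Fully qualified (trailing dot): no search-path expansion at all.
        return [name]
    via_search = [f"{name}.{domain}." for domain in search]
    absolute = [f"{name}."]
    if name.count(".") >= ndots:
        # Enough dots: try the name as-is first, fall back to the search list.
        return absolute + via_search
    # Too few dots: walk the whole search list first, bare name last.
    # For an external name such as api.example.com every search-list
    # candidate is an NXDOMAIN round trip to cluster DNS before the real query.
    return via_search + absolute


def query_count(name: str, search=K8S_SEARCH, ndots=K8S_NDOTS) -> int:
    """Number of queries a single lookup of `name` can generate."""
    return len(expand_queries(name, search, ndots))


if __name__ == "__main__":
    for n in ("kubernetes", "api.example.com", "api.example.com."):
        print(n, "->", expand_queries(n, K8S_SEARCH, K8S_NDOTS))
```

Using fully qualified names (trailing dot) or lowering ndots for workloads that mostly talk to external hosts removes the extra round trips, which is also what the DNS rate-limiting point in the talk turns on.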

Abstract

One of the best ways to learn about something is to understand how you can break it. In this talk, we will look at all the different ways you can break your Kubernetes cluster with networking. Learn from this before you learn in production. Misconfigured DNS, DNS, unreliable network protocols and DNS, DNS rate-limiting, network policy side effects, NodePort surprises, MTU and Kubernetes, effects of Kubernetes networking on distributed databases, network rate-limiting effects, bootstrapping race conditions, unexpected service behavior, sudden breakages at scale, and more. The list of potential ways to break your cluster is long. Half a decade of CNI development experience while working with many, many Kubernetes users as a maintainer of one of the leading open-source CNI projects have gone into this talk. It will be fun, you will laugh, and hopefully, in the end, you will avoid some of what others have already experienced.
