collinvandyck · November 30, 2025 14:01 · Nov 30, 2025 · Nov 30, 2025
diff --git a/k8s load balancing using iptables.md b/k8s load balancing using iptables.md
@@ -23,4 +23,8 @@ Chain KUBE-SVC-D3W7O6L4TBOTDF5H (1 references)
 ~
 ```
 
-The first rule uses `statistic mode random probability 0.50000000000` and then the last rule is the fallback
+The first rule redirects traffic coming from outside the pod network to go back through the NAT.
+The next two rules do the load balancing:
+
+-  `statistic mode random probability 0.50000000000`: 50% of the traffic
+-  the next rule just gets the remainder (also 50%)
diff --git a/k8s load balancing using iptables.md b/k8s load balancing using iptables.md
@@ -0,0 +1,26 @@
+# Setup
+
+Scale static sites deployment to two replicas
+
+```sh
+kc scale --replicas=2 -n static-sites deploy/static-sites
+```
+
+# iptables rules
+
+kube-proxy added these rules to load balance between them:
+
+```sh
+➜ sudo iptables -t nat -L KUBE-SERVICES -n -v | rg static-sites
+    0     0 KUBE-SVC-D3W7O6L4TBOTDF5H  6    --  *      *       0.0.0.0/0            10.43.191.69         /* static-sites/static-sites:http cluster IP */ tcp dpt:80
+~
+➜ sudo iptables -t nat -L KUBE-SVC-D3W7O6L4TBOTDF5H -n -v
+Chain KUBE-SVC-D3W7O6L4TBOTDF5H (1 references)
+ pkts bytes target     prot opt in     out     source               destination
+    0     0 KUBE-MARK-MASQ  6    --  *      *      !10.42.0.0/16         10.43.191.69         /* static-sites/static-sites:http cluster IP */ tcp dpt:80
+    0     0 KUBE-SEP-F47JVEZV36JZ7UAP  0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* static-sites/static-sites:http -> 10.42.0.224:8080 */ statistic mode random probability 0.50000000000
+    0     0 KUBE-SEP-TML3SZGGHMDHZV5V  0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* static-sites/static-sites:http -> 10.42.0.47:8080 */
+~
+```
+
+The first rule uses `statistic mode random probability 0.50000000000` and then the last rule is the fallback
No results found