Reputation: 73
Kubernetes IP egress addressing
I question I have trouble finding an answer for is this: When a K8s pod connects to an external service over the Internet, then that external service, what IP address does it see the pod traffic coming from?
I would like to know the answer in two distinct cases:
- there is a site-to-site VPN between the K8s cluster and the remote service
- there is no such VPN, the access is over the public Internet.
Let me also add the assumption that the K8s cluster is running on AWS (not with EKS,it is customer-managed).
Thanks for answering.
Upvotes: 1
Views: 3869
Answers (1)
Reputation: 4913
When the traffic leaves the pod and goes out, it usually undergoes NATing on the K8S Node, so the traffic in most cases will be coming with the Node's IP address in SRC. You can manipulate this process by (re-) configuring IP-MASQ-AGENT, which can allow you not to NAT this traffic, but then it would be up to you to make sure the traffic can be routed in the Internet, for example by using a cloud native NAT solution (Cloud NAT in case of GCP, NAT Gateway in AWS).
Upvotes: 1
Related Questions
- Assign External IP to a Kubernetes Service
- Kubernetes service IP confusion
- Kubernetes, access IP outside the cluster
- How to access services through kubernetes cluster ip?
- Egress IP address selection
- Kubernetes IP service IP and ports
- Ip addressing of pods in Kubernetes
- How to expose external ip in Kubernetes?
- IP Address assignment for the application running inside the pod in kubernetes
- How to make kubernetes work with dynamic ip address