How to find resource issuing request in Kubernetes cluster by IP address?

Question

Update:

What I am trying to achieve: I have the IP address of a cluster resource (10.1.239.128 in the examples below) and want to figure out to which POD/service/... it belongs.

---

I set up a Kuebernetes cluster using Microk8s running, among others, vault and cert-manager via Helm charts. In two of the PODs created for vault and cert-manager, I get multiple the following log entry:

> kubectl logs pod/cert-manager-webhook-6787f645b9-s5fxl

http: TLS handshake error from 10.1.239.128:37763: EOF

> kubectl logs pod/release-name-vault-0

http: TLS handshake error from 10.1.239.128:48609: remote error: tls: unknown certificate authority

I am struggling with finding out where these requests come from.

I tried:

• kubectl get svc --all-namespaces
• kubectl get endpoints --all-namespaces
• kubectl get endpointslices --all-namespaces
• ping -a 10.1.239.128 using from a POD created using netshoot

to figure out from where the requests are coming from, but to no luck. The ip address is not listed or resolved to a DNS name to further investigate.

Any further ideas of how to get the resource issuing the request or further debug this? Thanks in advance.

Answer 1

Here is a workaround, not the finest way of doing it, but it may help to get in the right direction:

kubectl api-resources  -oname |while read r;
do 
     echo -n "$r ----> ";
     kubectl get $r -A -o yaml |grep -oPz '\d+\.\d+\.\d+\.\d+';
     echo "" ;
done

Assuming the IP, you are searching for is a cluster resource.