-1
  • My setup: GKE / EKS - managed Kubernetes cluster

  • As of now, for business requirements, it is a k8s cluster with public endpoints

  • What this means is that I have a public endpoint for the API server, and the Nodes also have external public IP addresses

  • nginx ingress is deployed for route-based traffic and exposed as a LoadBalancer type

  • And the LoadBalancer is of type Network Load Balancer, internet-facing (or external), having a public IP address (say 35.200.24.99)

    My requirement, or what I want to understand, is this:

  • If my Pod makes a call to outside APIs, what will be the source IP that the outside API will receive? Is it my LoadBalancer IP or the Pod's Node external IP address?

  • If it receives the LB IP, is there a way to change this behavior to send the Pod's Node IP address?

  • Also, is there any tool or way to simulate what source IP I am getting when the Pod makes a request to an outside API?

  1. I could not try out anything
  2. I tried hitting curl requests to an nginx Pod that was running inside, but did not get the desired results, or I could not figure it out

1 Answer

0

If my Pod makes a call to outside APIs, what will be the source IP that the outside API will receive? Is it my LoadBalancer IP or the Pod's Node external IP address?

If your Pod is sending the request and your cluster is public, it will be the IP of the Node on which the Pod is running/scheduled.

If it receives the LB IP, is there a way to change this behavior to send the Pod Node IP Address?

It won't get the LB IP; it will only be the IP of the Node on which the Pod is running. If you want to manage a single outgoing IP, you can use a NAT gateway so all traffic will go out from a single source IP.

Also, is there any tool or way to simulate what source IP I am getting when the Pod makes a request to an outside API?

Go to the Pod using kubectl exec -it <POD name> -- bash. Once you are inside the Pod, run curl ifconfig.me; it will return the IP from which you are hitting the site. Mostly it will be the Node's IP.

Consider ifconfig.me as an outside API and you will get your result.

Harsh Manvar
  • Thanks for the quick answer @Harsh, that answered the first question. A few more queries: 1. Can we control this ifconfig.me, and how is it getting set? 2. If I make the K8s cluster private, then the only way for a Pod to send egress traffic is through the NAT gateway, as that's the only channel. And in that case only that NAT GW IP will be sent. 3. Also, checking this ifconfig.me in many GKE public clusters, I got the IP address of the Node. 4. But when I checked the AKS node Pods, I got the same IP address for all pods, which is not the same as the Node IP address. Do you have any clue how AKS handles – Nagesh Jayaram Dec 11 '22 at 05:04
  • Sorry, I have no clue about the AKS part, but GKE uses the Node's IP. 1. You don't need to set anything; ifconfig.me is a website to check the IP address only. 2. Yes, with a private cluster the NAT IP is the only IP that gets used. – Harsh Manvar Dec 11 '22 at 05:09
  • Yeah, I know ifconfig.me is the URL (this is the same as https://whatismyipaddress.com/ or others). What I meant by asking was, can we control what the source IPs are (can we randomize the IPs, as I do not want my IP addresses to get blocked)? And one more thing, this Node IP address is the source IP only for requests generated from the Pods, right? For incoming requests, it is only through the LB, and the response is also through the LB. – Nagesh Jayaram Dec 12 '22 at 04:56
  • Yes, right, the incoming request is from the LB and the response also, but if the Pod is calling a third party, the source IP will be the Node IP. – Harsh Manvar Dec 12 '22 at 05:17
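
The check described in the answer and comments can be scripted. The following is an added example, not code from the answer: it classifies the IP that `curl ifconfig.me` returns from inside a Pod as the Pod's own Node IP, the LoadBalancer IP, or something else such as a NAT gateway. The function names and the sample node table are assumptions constructed for illustration; 35.200.24.99 is the LB IP from the question.

```shell
#!/usr/bin/env bash
# Live inputs (need cluster access; shown for reference, not run here):
#   kubectl exec <POD name> -- curl -s ifconfig.me              # observed egress IP
#   kubectl get pod <POD name> -o jsonpath='{.spec.nodeName}'   # node hosting the Pod
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.addresses[?(@.type=="ExternalIP")].address}{"\n"}{end}'

# Constructed sample of "node name <TAB> ExternalIP" lines (documentation-range IPs).
SAMPLE_NODES="$(printf 'node-a\t203.0.113.10\nnode-b\t203.0.113.11\n')"
LB_IP="35.200.24.99"   # example LoadBalancer IP given in the question

# node_external_ip NODE_TABLE NODE_NAME -> prints that node's ExternalIP (empty if none)
node_external_ip() {
  printf '%s\n' "$1" | awk -F'\t' -v n="$2" '$1 == n { print $2; exit }'
}

# classify_egress OBSERVED_IP POD_NODE NODE_TABLE LB_IP
# Body runs in a subshell so its variables stay local (POSIX-safe).
classify_egress() (
  observed="$1"; pod_node="$2"; table="$3"; lb="$4"
  own="$(node_external_ip "$table" "$pod_node")"
  if [ -n "$own" ] && [ "$observed" = "$own" ]; then
    echo "node"            # traffic left with the IP of the Pod's own node
  elif [ "$observed" = "$lb" ]; then
    echo "loadbalancer"    # egress is unexpectedly using the ingress LB address
  elif printf '%s\n' "$table" |
       awk -F'\t' -v ip="$observed" '$2 == ip { f = 1 } END { exit !f }'; then
    echo "other-node"      # a node IP, but not the Pod's node: re-check scheduling
  else
    echo "nat-or-other"    # e.g. a NAT gateway in front of a private cluster
  fi
)
```

A "nat-or-other" result for every Pod, with the same observed IP across nodes, matches the single-egress-IP behaviour the comments describe for NAT gateways.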