Questions tagged [egress]
20 questions
2
votes
0 answers
Istio Egress 1.14 wildcard configuration for arbitrary domains
in older versions of Istio, when you wanted to use an egress gateway to allow the communication with a arbitrary domains, you could use wildcards with a SNI proxy as it's explained in…
Sergio Sánchez Vega
- 21
- 2
1
vote
2 answers
In Private GKE Cluster achieve dedicated public IP as source IP for each pod for outgoing traffic
Requirement : With private GKE ( version : 1.21.11-gke.1100 ), each pod is required to have a dedicated public IP as source IP when reaching to internet. It is not required for ingress but only for egress.
Solution tried : Cloud NAT. Works…
Baskar Lingam Ramachandran
- 617
- 9
- 25
0
votes
0 answers
Why is Istio egress gateway destination ip address not working?
I would like one of the controllers to access the remote control plane of k8s in GCP. The controller is working on a different cluster. Also the cluster with the controller is running Istio and I would like to use egress gateway to route the traffic…
Jakub Trochim
- 1
- 1
0
votes
1 answer
Outbound traffic using istio does not work normally
When istio is used in kubernetes, outbound traffic using spring boot's restemplate returns socketException.
When istio is disabled, outbound traffic to that domain is 200.
But when enabled, it is 500.
In the application, traffic(https) is exported…
raboy
- 1
- 1
0
votes
0 answers
Facing pod to pod ip connection issue in istio
Not able to connect other pod ip from other pod when enabling REGISTER_ONLY in mode of config in engress gateway of istio
apiVersion: v1
data:
mesh: |-
accessLogEncoding: TEXT
accessLogFile: /dev/stdout
accessLogFormat: ""
…
Rahul Gogyani
- 1
- 1
0
votes
0 answers
Kubernetes egress doesnt work for active database connection (jdbc)
I would like to deny outgoing connections from existing pods for specific IP address. I created the following network policy (NP) in which I restricted the IP range of the database server (10.16.0.0/16). The policy only works after the pod is…
0
votes
0 answers
How to track usage of this SKU on Google? BigQuery Storage API Network Internet Egress Intercontinental (Excl Oceania and China)(Excl Oceania & China)
I need help to understand more about 2 SKU on Google Cloud, I'm charging a big amount on these skus:
BigQuery Storage API Network Internet Egress Intercontinental (Excl Oceania and China)
BigQuery Storage API Network Internet Egress South America to…
Reginaldo Silva
- 11
- 3
0
votes
1 answer
Should we keep all egress of a pod in a single k8s NetworkPolicy?
I have a pod which emits metrics and it has multiple egresses associated like -
authentication endpoint (tcp/443)
dns (udp/53)
instance metadata (tcp/80)
other pods (all)
What would be a good practice to define the policies for all of the above…
devcodes
- 1,038
- 19
- 38
0
votes
0 answers
why I can't parse h_proto == 0x0806 that arp protocol from Linux ebpf tc egress code?
I want to get IP address from arp broadcast that net dev send.So I use tc egress to get this IP by ebpf.I can use this code parse struct xdp_buff but is not work on struct __sk_buff. I print eth->h_porto get error hex.So what should I do can soulve…
niao ruo
- 11
- 3
0
votes
0 answers
Is there a way to apply NetworkPolicies based on container name?
I'm facing an issue on my local cluster trying to scope NetworkPolicies to containers instead of pods.
Example: I have a pod with 2 containers.
container-1: a microservice container with HTTP_PROXY, HTTPS_PROXY set to localhost:8008
container-2: an…
Luis Recchini
- 1
- 1
0
votes
0 answers
Can I have one source element and multiple sinks in a Gstreamer Pipeline?
So basically what I am trying to do is, read a video from a single source element, and then I want to encode the video file in two different formats and store them in different sinks, preferably within the same pipeline. Could anyone please guide me…
0
votes
1 answer
502 bad gateway using Openshift (Kubernetes)
I have an Openshift 4.6 platform running an applicative pod.
We use postman to send request to the pod.
The applicative pod return a 200 http response code, but get a 502 in postman.
So there is a interim component inside OpenShift/K8s that should…
Nicolas Malinconico
- 19
- 3
0
votes
1 answer
I'm setting up EGRESS to access AWS RDS from GKE
I think public access is dangerous, so I want to build EGRESS and add only the egress ip to the whitelist.
**
1.Because GKE is public, CLOUD NAT, which is private, is not included.
2.I've never used TERRAFORM, so I want an answer other than…
jeqwdkc
- 3
- 1
- 3
0
votes
2 answers
Kubernetes NetworkPolicy: Blocks all egress though no blocks are specified
I have a service that I want to be able to access the internet and noother pods. However, ALL egress rules seem to block all egress.
# No NetworkPolicies
kubectl -n mytestnamespace exec service-c-78f784b475-qsdqg -- bin/bash -c 'curl…
Esben Eickhardt
- 3,183
- 2
- 35
- 56
0
votes
0 answers
Do I pay egress fees when I serve requests?
I read this sentence
If you are hosting a web application in the cloud, then you are
probably used to paying data egress charges for your outbound traffic
anyway, so you will be comfortable with this charging model.
in the following post…
Baobab
- 155
- 8