Hey everyone,
I'm working on some network diagrams for my Kubernetes cluster and something caught my attention in the Ingress logs. I see direct calls to the pod CIDR (10.244.0.0/16) rather than expected calls to a service that would correspond to the service CIDR (192.168.0.0/16). Is this the normal behavior for Ingress? Am I missing something here? Could it be that KubeDNS is somehow resolving the service call straight to the pod IPs?
4 Answers
From what I know, Ingress indeed checks for services first. Behind each service, there are endpoints that track the pod IPs, directing traffic to those healthy IPs. So what you're seeing seems to line up with how it's supposed to work.
The behavior you see can depend on the ingress controller's configuration. For example, the nginx ingress controller typically uses Kubernetes services to find pod IPs behind them, and it connects directly from the Ingress to the pods. However, this can also be altered in the config. Just so you know, if you're using Azure Kubernetes Service, they've stated that they will support NGINX Ingress until November 2026.
Service IPs actually act as virtual IPs. Kube-proxy does some destination NAT to route traffic from those virtual IPs to the actual pod IPs. It sounds like everything is functioning as expected on your end!
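A way to check the above for yourself, as an added example that is not part of any answer in this thread: pull the backing Service's Endpoints (as `kubectl get endpoints <svc> -o json` would return them), then confirm that every upstream address the ingress controller logged is one of the ready pod IPs rather than a Service VIP. The Endpoints object, log lines and upstream field format below are constructed sample data; real controller log formats differ, so adjust the regex to yours.

```python
# Added example (not from the thread): reconcile ingress upstream addresses
# against a Service's Endpoints. All data below is constructed sample data.
import ipaddress
import json
import re

# CIDRs from the question.
POD_CIDR = ipaddress.ip_network("10.244.0.0/16")
SERVICE_CIDR = ipaddress.ip_network("192.168.0.0/16")

# Constructed Endpoints object, shaped like `kubectl get endpoints web -o json`.
ENDPOINTS_JSON = json.dumps({
    "subsets": [{
        "addresses": [{"ip": "10.244.1.12"}, {"ip": "10.244.2.7"}],
        "notReadyAddresses": [{"ip": "10.244.3.4"}],
    }],
})

# Constructed ingress-controller access log lines carrying an upstream field.
LOG_LINES = [
    '10.0.0.5 - [01/Jan/2025:10:00:00] "GET / HTTP/1.1" 200 upstream=10.244.1.12:8080',
    '10.0.0.6 - [01/Jan/2025:10:00:01] "GET / HTTP/1.1" 200 upstream=10.244.3.4:8080',
    '10.0.0.7 - [01/Jan/2025:10:00:02] "GET / HTTP/1.1" 200 upstream=192.168.4.9:80',
]
UPSTREAM_RE = re.compile(r"upstream=(\d+\.\d+\.\d+\.\d+):\d+")

def ready_endpoint_ips(endpoints_json: str) -> set:
    """Ready pod IPs behind the Service, i.e. what the ingress controller proxies to."""
    obj = json.loads(endpoints_json)
    return {a["ip"] for s in obj.get("subsets", []) for a in s.get("addresses", [])}

def classify_upstream(ip_str: str, ready: set) -> str:
    """Label an upstream address: ready pod, pod not in ready endpoints, Service VIP, or unknown."""
    ip = ipaddress.ip_address(ip_str)
    if ip in POD_CIDR:
        return "ready-pod" if ip_str in ready else "pod-not-in-ready-endpoints"
    if ip in SERVICE_CIDR:
        return "service-vip"  # would be DNATed by kube-proxy, not a direct pod hop
    return "unknown"

def audit(log_lines, endpoints_json=ENDPOINTS_JSON) -> dict:
    """Map each upstream IP found in the log lines to its classification."""
    ready = ready_endpoint_ips(endpoints_json)
    result = {}
    for line in log_lines:
        m = UPSTREAM_RE.search(line)
        if m:
            result[m.group(1)] = classify_upstream(m.group(1), ready)
    return result
```

Seeing only `ready-pod` labels is the normal case described in the answers; a `pod-not-in-ready-endpoints` entry points at a stale controller view or a pod that has since gone unready, and a `service-vip` entry means the controller is configured to proxy through the Service rather than straight to pods.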
