kubernetes internal to external communication directly?

11/10/2015

I want to access some external SaaS API endpoints in a pod. I use flannel as the kubernetes network. But when I try to ping an external IP in a pod, the packet is sent without masquerading, so the ping cannot succeed.

And I found this: https://docs.openshift.org/latest/dev_guide/integrating_external_services.html After creating the service without selector and attach the related endpoint, I could get the external service in pod.

I could also add the iptables masquerade on 10.254.0.0/16 on node to enable directly accessing external endpoint as follows:

iptables -t nat -A POSTROUTING -s 10.254.61.0/24 ! -d 10.254.0.0/16 -j MASQUERADE

But couldn't we just access the external SaaS endpoint directly?

Is there any configuration on kubernetes or flannel(or other network plugin?) that can allow internal-to-external communication directly?

Thanks

-- jim
kubernetes

1 Answer

11/11/2015

The kubelet will ensure the iptables postrouting rule is created if you tell it to [1]; however, I suspect you're running with --configure-cbr0=false because you want to allow flannel to set up container networking. I believe you can tell flannel to set the rule for you:

flanneld --help
...
-ip-masq setup IP masquerade rule for traffic destined outside of overlay network

[1] https://github.com/kubernetes/kubernetes/blob/b9cfab87e33ea649bdd13a1bd243c502d76e5d22/pkg/kubelet/container_bridge.go#L122

-- Prashanth B
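Whichever component ends up owning the rule (kubelet or flanneld -ip-masq), the thing to verify on a node is that the nat POSTROUTING chain actually carries a MASQUERADE rule whose source is the pod subnet and whose destination excludes the overlay network, as in the rule from the question. The script below is an added example, not code from either poster or from the flannel or kubernetes projects: it checks a captured `iptables-save -t nat` dump for that exact rule and prints the idempotent `iptables -C ... || iptables -A ...` command to add it if missing. The two dumps are constructed samples; the subnet and overlay values are taken from the question and passed as parameters, so the same check works for flannel's variant that uses the whole overlay network as the source.

```shell
#!/bin/sh
# Constructed sample: nat table dump from a node with no pod masquerade rule.
SAMPLE_NAT_NO_MASQ='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
COMMIT'

# Constructed sample: same node after the rule from the question was added.
SAMPLE_NAT_WITH_MASQ='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A POSTROUTING -s 10.254.61.0/24 ! -d 10.254.0.0/16 -j MASQUERADE
COMMIT'

# Build the exact rule text iptables-save emits for the masquerade rule:
# pod traffic leaving the node is SNATed unless it stays inside the overlay.
masq_rule_spec() {
  pod_subnet=$1; overlay=$2
  printf 'POSTROUTING -s %s ! -d %s -j MASQUERADE' "$pod_subnet" "$overlay"
}

# Return 0 if the dump (as a string) contains the masquerade rule for
# pod_subnet that excludes overlay, 1 otherwise. Whole-line, fixed-string
# match so a rule with extra matches or a different target is not accepted.
has_pod_masq_rule() {
  dump=$1; pod_subnet=$2; overlay=$3
  printf '%s\n' "$dump" | grep -qFx -- "-A $(masq_rule_spec "$pod_subnet" "$overlay")"
}

# Print an idempotent command that adds the rule only when it is absent,
# so re-running a node bootstrap script does not stack duplicate rules.
masq_rule_cmd() {
  spec=$(masq_rule_spec "$1" "$2")
  printf 'iptables -t nat -C %s 2>/dev/null || iptables -t nat -A %s\n' "$spec" "$spec"
}

# Usage on a real node (hypothetical wrapper; needs root and iptables-save):
#   check_live_node 10.254.61.0/24 10.254.0.0/16
check_live_node() {
  if has_pod_masq_rule "$(iptables-save -t nat)" "$1" "$2"; then
    echo "masquerade rule present for $1 (excluding $2)"
  else
    echo "masquerade rule missing; add it with:"
    masq_rule_cmd "$1" "$2"
    return 1
  fi
}
```

With `set -e` in a bootstrap script, call `has_pod_masq_rule` inside an `if` so a missing rule is reported rather than aborting the script.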
Source: StackOverflow