On AWS EKS, I have an ALB Ingress Controller with an Ingress resource pointing to a NodePort service on port 32509 with targetPort 80, with externalTrafficPolicy: Local on the service.
How is external traffic routed to my pods under NodePort service in this case?
Something like, ALB > random Node kube-proxy > Node port 32509 (?) > Pod port 80?
Edit: kube-proxy is working in iptables mode.
The NodePort service builds on ClusterIP. But if the externalTrafficPolicy is Local, then traffic arriving at a node is forwarded only to pods that are on this node. So, the way your traffic is routed must be something like this:
ALB -> random node on port 32509 -> random pod on this node on port 80
The problem is that if there are no pods of the NodePort service on this specific node, then the request is dropped. This is explained here in detail.
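The routing rule from the answer above, as an added example that is not part of the original post: it takes the JSON of a Service's Endpoints object and lists which nodes would drop NodePort traffic under externalTrafficPolicy: Local. The Service name `web`, the node names and the pod IPs are constructed sample values; the `Cluster` branch is included only for comparison and goes beyond what the answer covers.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed output of `kubectl get endpoints web -o json`.
ENDPOINTS_JSON = """
{"kind": "Endpoints", "metadata": {"name": "web"},
 "subsets": [{"addresses": [
     {"ip": "10.0.1.11", "nodeName": "node-a"},
     {"ip": "10.0.1.12", "nodeName": "node-a"},
     {"ip": "10.0.2.21", "nodeName": "node-b"}],
   "ports": [{"port": 80, "protocol": "TCP"}]}]}
"""
NODES = ["node-a", "node-b", "node-c"]  # constructed node names


def local_backends(endpoints):
    """Map node name -> list of 'ip:port' ready backends running on that node."""
    by_node = defaultdict(list)
    for subset in endpoints.get("subsets") or []:
        for addr in subset.get("addresses") or []:
            for port in subset.get("ports") or []:
                by_node[addr.get("nodeName")].append(f"{addr['ip']}:{port['port']}")
    return dict(by_node)


def candidates(node, endpoints, policy):
    """Backends that traffic arriving on `node`'s NodePort can be forwarded to."""
    by_node = local_backends(endpoints)
    if policy == "Local":
        # Only pods on the receiving node; an empty list means the request is dropped.
        return by_node.get(node, [])
    # Cluster (the default policy): any ready pod of the service, on any node.
    return [b for backends in by_node.values() for b in backends]


def nodes_that_drop(nodes, endpoints):
    """Nodes with no local pod of the service, i.e. where Local policy drops traffic."""
    return [n for n in nodes if not candidates(n, endpoints, "Local")]


if __name__ == "__main__":
    eps = json.loads(ENDPOINTS_JSON)
    for n in NODES:
        print(n, "->", candidates(n, eps, "Local") or "DROP")
    print("nodes without local pods:", nodes_that_drop(NODES, eps))
```
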