I have two pods running on Kubernetes. To simplify, let's call them A and B. A is an application which makes HTTP requests. B is a proxy running in transparent mode. The question is: how should I alter the iptables rules so that the traffic coming out of A goes through the B pod?
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
A (application) NodePort 10.109.208.35 <none> 8090:31000/TCP 3d6h
B (transparent proxy) NodePort 10.98.102.253 <none> 8080:32226/TCP 3h33m
I have tried the following, but it doesn't work. Can someone help me sort it out?
sudo iptables -t nat -D PREROUTING -p tcp --dport 31000 -j REDIRECT --to 32226
You can achieve such a behavior by using a service mesh such as Linkerd or Istio and using egress capabilities.
Also, I am pretty sure that it's not a good idea to alter the iptables rules, because of the following:
1. iptables rules are auto-provisioned by Kubernetes and have a complex model.
2. Once the cluster is rebooted, the rules set in iptables can be lost and you won't know what you did.
Another solution, rather than using a service mesh, is to use a sidecar proxy such as Envoy. Anyway, you should make this kind of coupling explicit for the rest of the team who is working with you on this. Otherwise, someone will troubleshoot why the traffic from A goes through B. It's not a pattern that I've seen before, and to me it seems more like an antipattern.
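As an added illustration of the sidecar approach the answer mentions (example manifest, not code from the question, the answer or any project), this pod runs the proxy next to the application and installs the redirect from an init container inside the pod's own network namespace, so no node-level iptables rules are touched. The image names, the proxy port 8080 and the proxy UID 1337 are assumptions; the UID exclusion is what keeps the proxy's own upstream connections from being looped back into itself.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-transparent-proxy   # constructed example name
spec:
  initContainers:
    # Runs once in the pod's network namespace before the app starts.
    # Only this container needs NET_ADMIN; the app and proxy stay unprivileged.
    - name: proxy-init
      image: alpine:3.19             # assumption: any image that can install iptables
      securityContext:
        capabilities:
          add: ["NET_ADMIN"]
      command: ["/bin/sh", "-c"]
      args:
        - |
          set -e
          apk add --no-cache iptables
          # 1. Packets generated by the proxy itself (UID 1337) are left alone;
          #    without this, the proxy's outbound connections would be
          #    redirected back into the proxy and loop.
          iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner 1337 -j RETURN
          # 2. Loopback traffic stays local (health checks, admin endpoints).
          iptables -t nat -A OUTPUT -p tcp -d 127.0.0.0/8 -j RETURN
          # 3. Every other outbound TCP connection from this namespace is
          #    redirected to the transparent proxy listening on 8080.
          iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 8080
  containers:
    - name: app
      image: example.com/app:latest    # placeholder: the A application image
      ports:
        - containerPort: 8090
    - name: transparent-proxy
      image: example.com/proxy:latest  # placeholder: e.g. an Envoy build
      securityContext:
        runAsUser: 1337                # must match the --uid-owner exclusion above
      ports:
        - containerPort: 8080
```

The proxy container has to be a genuine transparent proxy, i.e. one that recovers the original destination of a REDIRECTed connection (via SO_ORIGINAL_DST on Linux); a plain forward proxy will only see connections to itself on port 8080.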