Transparent proxy inside Kubernetes pod

5/7/2020

I have a scenario like this. I have 2 containers inside a single pod; one of them makes HTTP requests, the other one is a transparent proxy (I'm using mitmproxy listening on port 8080) which intercepts those requests. The issue I'm having is that only the HTTP requests whose destination is outside the Kubernetes cluster are intercepted by the proxy. The proxy doesn't intercept the requests whose destination lies within the Kubernetes cluster (i.e. when I make an HTTP request to some other microservice). I'm assuming that this is because I'm lacking some iptables filters in my script. Unfortunately, I have run out of ideas on how to fix it. Is there anyone who could at least point me in the right direction? I'd really appreciate any help.

To install iptables on a pod I'm using an image with an initContainer like this:

  initContainers:
  - name: init
    image: init-image
    securityContext:
      # privileged is what lets the init container modify the pod's iptables rules
      privileged: true
    imagePullPolicy: Always

Here's the init-image Dockerfile:

FROM alpine:3.6

# iptables and ip6tables for the rules, bash for the script, curl for debugging
RUN apk add --no-cache iptables ip6tables curl bash

COPY start.sh /start.sh
# executable for everyone, writable only by the owner
RUN chmod 755 /start.sh
ENTRYPOINT ["/start.sh"]

And finally the script.sh. The part with the owner match is there for mitmproxy reasons; it was added like that according to its documentation.

#!/bin/bash

# echo each command, and abort on the first failing command or pipeline
set -x
set -eo pipefail

# Redirect locally generated TCP traffic to port 80 into mitmproxy on port 8080,
# skipping sockets owned by root so the proxy's own outbound connections
# (mitmproxy runs as root) are not looped back into it.
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root --dport 80 -j REDIRECT --to-port 8080
# same rule for IPv6
ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root --dport 80 -j REDIRECT --to-port 8080
iptables
kubernetes
mitmproxy
network-programming
transparentproxy
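As an added example (not part of the question), a small Python simulator that applies the question's REDIRECT rule to constructed sample connections and reports which ones iptables would send to the proxy; the host names, the port 8000 service, and the "app" user are assumptions made up for the demonstration.

```python
# Added example, not from the question: applies the question's REDIRECT rule to
# constructed sample connections and reports which ones would reach the proxy.
import re
from collections import namedtuple

# The exact rule from the question's start.sh. Only -p, --dport, --uid-owner and
# --to-port are modelled; the rule has no -d, so the destination host is ignored.
PAGE_RULE = ("-t nat -A OUTPUT -p tcp -m owner ! --uid-owner root "
             "--dport 80 -j REDIRECT --to-port 8080")

# One outbound connection as the nat OUTPUT chain sees it.
Conn = namedtuple("Conn", "proto dst dport uid")

def parse_rule(text):
    """Pull the modelled match/target options out of one iptables rule string."""
    def opt(name):  # -> (value, negated)
        m = re.search(r"(!\s+)?(?<!\S)" + re.escape(name) + r"\s+(\S+)", text)
        return (m.group(2), bool(m.group(1))) if m else (None, False)
    uid, uid_negated = opt("--uid-owner")
    return {"proto": opt("-p")[0], "uid": uid, "uid_negated": uid_negated,
            "dport": int(opt("--dport")[0] or 0) or None,
            "to_port": int(opt("--to-port")[0] or 0) or None}

def redirect_port(rule, c):
    """Port the connection is REDIRECTed to, or None if it passes through."""
    if rule["proto"] and c.proto != rule["proto"]:
        return None
    if rule["dport"] is not None and c.dport != rule["dport"]:
        return None
    # '! --uid-owner root' matches every owner except root (the proxy itself).
    if rule["uid"] is not None and (c.uid == rule["uid"]) == rule["uid_negated"]:
        return None
    return rule["to_port"]

# Constructed sample traffic; host names, ports and the "app" user are made up.
SAMPLES = [Conn("tcp", "example.org", 80, "app"),          # external HTTP
           Conn("tcp", "svc-a.default.svc", 80, "app"),    # in-cluster, port 80
           Conn("tcp", "svc-b.default.svc", 8000, "app"),  # in-cluster, port 8000
           Conn("tcp", "svc-a.default.svc", 443, "app"),   # HTTPS, no rule for 443
           Conn("tcp", "example.org", 80, "root")]         # proxy's own egress

def report(rule_text=PAGE_RULE, samples=SAMPLES):
    """Map 'host:port/uid' to the redirect port (or None) under the rule."""
    rule = parse_rule(rule_text)
    return {f"{c.dst}:{c.dport}/{c.uid}": redirect_port(rule, c) for c in samples}

if __name__ == "__main__":
    for key, port in report().items():
        print(f"{key:28} -> {'proxy :%d' % port if port else 'direct'}")
```

Running it shows that the rule keys only on protocol, destination port and socket owner, so a request is redirected or not regardless of whether its destination is inside or outside the cluster.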

0 Answers