NGINX Ingress on a bare-metal cluster

6/28/2020

I have set up a three-node cluster (1 master, 2 workers), each node on a bare-metal host. To let traffic into the cluster, I am using an NGINX Ingress controller, installed using the stable/ngix-controller helm subchart. As I'm not using any load balancer, I set the externalIPs field to my master node IP and have the externalTrafficPolicy set to Local.

My ingress object has 3 host domains, each one set to a specific service. These domains were added to my computer's /etc/hosts, pointing to the master IP.

How does my traffic destined for a given domain reach the correct node and subsequent pod if neither the pod nor the ingress controller is running on the master? Shouldn't the packets be dropped, as stated here: Ingress controller NodePort service?

Thanks in advance!! Cheers!!

----EDIT----

nginx-ingress:
  controller:
    config:
      hsts: "true"
    scope:
      namespace: ingress-nginx
    service:
      externalIPs:
        - "10.X.X.X"
      externalTrafficPolicy: Local
-- Lantaros
kubernetes
kubernetes-ingress
nginx-ingress

2 Answers

6/28/2020

If you set externalIp to one of the nodes, then you can use nginx ingress with no problem. This is because nginx will bind on port 80 on the nodes and, just like you said, there will be no pods on master nodes.

-- Akin Ozer
Source: StackOverflow

6/29/2020

The mechanism that allows communication between nodes is kube-proxy. And the documentation has the following:

kube-proxy

kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.

kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.

kube-proxy uses the operating system packet filtering layer if there is one and it's available. Otherwise, kube-proxy forwards the traffic itself.

When the ingress-nginx service uses NodePort service type, it will be exposed on each of the nodes.

Hope it helps.

-- Piotr Malec
Source: StackOverflow