I have 2 Kubernetes Services of type LoadBalancer running in AKS 1.15.9
$ kubectl get svc --all-namespaces | grep Load
istio-system istio-egressgateway LoadBalancer 10.0.177.123 51.A.XXXXX
istio-system istio-ingressgateway LoadBalancer 10.0.198.456 20.B.XXXXX
However, when I run a Pod to check egress IP it is using 51.C.XXXX
curl -s checkip.dyndns.org
the AKS egress IP address shown in the response is 51.C.XXXX
I would have expected AKS to use one of the LoadBalancer IPs from the K8s Services.
There's a difference between the ingress IP and the egress IP.
Egress, from the docs:
Outbound traffic from an AKS cluster follows Azure Load Balancer conventions. Before the first Kubernetes service of type LoadBalancer is created, the agent nodes in an AKS cluster are not part of any Azure Load Balancer pool. In this configuration, the nodes have no instance level Public IP address. Azure translates the outbound flow to a public source IP address that is not configurable or deterministic.
With that being said, the IP returned from curl -s checkip.dyndns.org is the egress IP. This is the outbound public IP of the AKS cluster.
Ingress, from the docs:
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual Kubernetes services. Using an ingress controller and ingress rules, a single IP address can be used to route traffic to multiple services in a Kubernetes cluster.
The ingress IP (in your case, the Load Balancer) is the public/internal IP which is responsible for reverse proxy and configurable traffic routing.
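A way to check the distinction described above on a live cluster, useful when an upstream firewall allow-lists the cluster's source address. This is an added example, not part of the original question or answer; the pod name `egress-check`, the `curlimages/curl` image and the `--live` switch are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare the cluster's observed egress IP with the
# frontend IPs of its LoadBalancer Services.

# stdin: a checkip.dyndns.org response body; prints the first IPv4 address in it.
parse_checkip() {
  grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | head -n 1
}

# stdin: lines of "<namespace>/<service> <ip>"; $1: observed egress IP.
# Prints the Service whose frontend IP equals the egress IP. Prints "none"
# and returns 1 when outbound traffic uses an address that belongs to no
# Service, which is the situation in the question.
match_egress() {
  awk -v ip="$1" '$2 == ip { print $1; found = 1 }
                  END { if (!found) { print "none"; exit 1 } }'
}

# Live helper: list LoadBalancer Services with their ingress (frontend) IP.
list_lb_ips() {
  kubectl get svc --all-namespaces -o jsonpath='{range .items[?(@.spec.type=="LoadBalancer")]}{.metadata.namespace}/{.metadata.name} {.status.loadBalancer.ingress[0].ip}{"\n"}{end}'
}

# Live helper: ask an external service which source IP a pod's traffic has.
# "egress-check" is a hypothetical pod name; the pod is deleted afterwards.
pod_egress_ip() {
  kubectl run egress-check --rm -i --quiet --restart=Never \
    --image=curlimages/curl --command -- curl -s checkip.dyndns.org | parse_checkip
}

# Only touches the cluster when invoked as: ./egress-check.sh --live
if [ "${1:-}" = "--live" ]; then
  ip=$(pod_egress_ip)
  echo "observed egress IP: $ip"
  echo "matching LoadBalancer Service: $(list_lb_ips | match_egress "$ip")"
fi
```

A result of `none` means the address to allow-list downstream is the observed egress IP, not either Service IP.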