Tags: kubernetes, kubernetes-networkpolicy, kubernetes-operator, kubernetes-networking

How traffic routing happens in Kubernetes operator - Journey of Egress traffic


I am trying to understand egress traffic control in a Kubernetes Operator. If I implement a Kubernetes operator in my k3s setup, how does the egress traffic flow happen in the operator?

I want to understand what pathway/gateway and routing happens with the egress traffic flow in the Kubernetes operator (the journey of egress traffic)?


Solution

  • As a general rule, egress traffic leaves your SDN from the Node hosting your Pod. The Node would NAT it, using its own IP on your underlay network.

    Now, if by Egress you mean "anything that leaves my Pod", i.e. regarding communications that stay within the SDN, bear in mind that:

    • the SDN has two subnets (pod network, service network), and your pod network is split into smaller subnets, statically allocated to your Kubernetes nodes;
    • Services have (usually, when spec.clusterIP != None) their own fixed IP;
    • for each Service in your cluster, you have an Endpoint object that lists all Pods with matching labels that are considered to be "Ready".

    When connecting to a Service, the Node firewall (usually ipvs or iptables, as configured per kube-proxy) would redirect your connection to one of the addresses listed in the corresponding Endpoint object. At which point, your Node routing table takes over:

    • if the target address is local (in the pod subnet that was allocated to your Node), then communication is direct;
    • if the target address belongs to a network allocated to another node in your cluster, then traffic would go through your SDN containers (calico, flannel, ovs, ...), reaching its destination.
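The decision chain the answer describes (Service clusterIP, DNAT by kube-proxy to a Ready endpoint, then the node routing table choosing local delivery, the overlay, or SNAT out of the node's underlay IP) can be modelled as a small simulation. The following is an added example, not code from the question or the answer; the topology is constructed for illustration. The pod CIDR 10.42.0.0/16 and service CIDR 10.43.0.0/16 are the k3s defaults, while the per-node /24s, node underlay IPs, the `web` Service and its Endpoints are made-up sample data, and `journey`, `route` and `ready_endpoints` are hypothetical helpers that stand in for kube-proxy and the kernel routing table.

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample topology (assumptions, not taken from the original post).
# k3s defaults: 10.42.0.0/16 for pods, 10.43.0.0/16 for services. The per-node
# /24 allocations, node underlay IPs, Service and Endpoints below are made up.
SERVICE_CIDR = ipaddress.ip_network("10.43.0.0/16")
POD_CIDR = ipaddress.ip_network("10.42.0.0/16")
NODE_POD_SUBNETS: Dict[str, ipaddress.IPv4Network] = {
    "node-a": ipaddress.ip_network("10.42.0.0/24"),
    "node-b": ipaddress.ip_network("10.42.1.0/24"),
}
NODE_UNDERLAY_IP = {"node-a": "192.168.1.10", "node-b": "192.168.1.11"}

# clusterIP -> Service name, and Service name -> [(podIP, ready)], mirroring
# what kube-proxy reads from the Service and Endpoints objects.
SERVICES = {"10.43.7.20": "web"}
ENDPOINTS: Dict[str, List[Tuple[str, bool]]] = {
    "web": [("10.42.0.5", True), ("10.42.1.9", True), ("10.42.1.12", False)],
}

Chooser = Callable[[List[str]], str]


def ready_endpoints(service: str) -> List[str]:
    """Only Ready pods are eligible DNAT targets, as listed in Endpoints."""
    return [ip for ip, ready in ENDPOINTS.get(service, []) if ready]


def node_for_pod_ip(ip: str) -> Optional[str]:
    """Which node's statically allocated pod subnet owns this pod IP."""
    addr = ipaddress.ip_address(ip)
    for node, subnet in NODE_POD_SUBNETS.items():
        if addr in subnet:
            return node
    return None


def route(src_node: str, dst_ip: str) -> dict:
    """Node routing-table decision for a (possibly already DNATed) destination."""
    addr = ipaddress.ip_address(dst_ip)
    if addr in POD_CIDR:
        dst_node = node_for_pod_ip(dst_ip)
        if dst_node is None:
            raise LookupError(f"{dst_ip} is in the pod CIDR but no node owns it")
        if dst_node == src_node:
            # Same node: delivered directly on the local bridge/veth.
            return {"path": "local", "dst": dst_ip, "via": None}
        # Other node: handed to the SDN (flannel/calico/...) towards that node.
        return {"path": "overlay", "dst": dst_ip, "via": dst_node}
    # Outside the SDN: leaves the node, SNATed to the node's own underlay IP.
    return {"path": "nat-egress", "dst": dst_ip, "snat": NODE_UNDERLAY_IP[src_node]}


def journey(src_node: str, dst_ip: str,
            choose: Chooser = lambda eps: eps[0]) -> dict:
    """Full path of a packet leaving a Pod: Service DNAT first, then routing.

    `choose` stands in for kube-proxy's endpoint selection (random/round-robin
    in practice); it is only ever offered Ready endpoints.
    """
    hops = []
    if ipaddress.ip_address(dst_ip) in SERVICE_CIDR:
        service = SERVICES.get(dst_ip)
        if service is None:
            raise LookupError(f"no Service has clusterIP {dst_ip}")
        eligible = ready_endpoints(service)
        if not eligible:
            raise LookupError(f"Service {service} has no Ready endpoints")
        chosen = choose(eligible)
        hops.append({"step": "dnat", "service": service,
                     "clusterIP": dst_ip, "endpoint": chosen})
        dst_ip = chosen
    decision = route(src_node, dst_ip)
    hops.append({"step": "route", **decision})
    return {"hops": hops, "path": decision["path"], "final_dst": dst_ip}


if __name__ == "__main__":
    for src, dst in [("node-a", "10.43.7.20"), ("node-b", "10.43.7.20"),
                     ("node-a", "10.42.1.9"), ("node-a", "8.8.8.8")]:
        print(src, "->", dst, journey(src, dst))
```

Running the block prints one journey per case: a Service connection that resolves to a local pod, the same Service reached from the other node (DNAT, then overlay), a direct pod-to-pod destination that skips DNAT, and an Internet address that is SNATed to the node's underlay IP. The not-Ready endpoint 10.42.1.12 is never offered to `choose`, which is the point the answer makes about the Endpoint object.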