Is a pod in the K8S cluster able to access an external service?

I want a pod in my K8S cluster to access a service that is deployed on a server (NOT a K8s node). Can a pod send an HTTP request to the server and get an HTTP response from the server? How do KubeProxy and CNI (e.g. flannel) impact the above HTTP communication process?

Can a pod send an HTTP request to the server and get an HTTP response from the server?

It should be able to. Have you tried? The pod will have an IP address on the pod network, but that address may not be routable. If not, there should be some ip/nftables rule that masquerades the address in the outbound packet. Whether the response comes back depends on the external routing tables.

Also, NetworkPolicies will have an effect.

How do KubeProxy and CNI (e.g. flannel) impact the above HTTP communication process?

CNI should set up the routing table on the node where the pod sits.

I think the iptables rule doesn’t masquerade the destination address and port number of the packet whose destination address isn’t in the K8S cluster network. However, is the source address of the packet masqueraded? If masqueraded, the response can’t go back to the pod.

Masquerading is SNAT.

If masqueraded, the response can’t go back to the pod.

The whole purpose of SNAT is so that return packets go back to the original source. The masquerading node maintains a per-connection (“connection tracking”) lookup table.

Have you tried?

?
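The connection-tracking lookup discussed in the thread, as an added example that is not part of the original posts: it parses `conntrack -L` style lines and shows how a reply addressed to the node is mapped back to the pod. The sample lines and all addresses (pod 10.244.1.5 and 10.244.1.7, node 192.168.1.20, external hosts in 203.0.113.0/24) are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in `conntrack -L` format (not captured from a real node).
# Each line holds the original-direction tuple, then the expected reply tuple.
SAMPLE = """\
tcp      6 86399 ESTABLISHED src=10.244.1.5 dst=203.0.113.10 sport=41234 dport=80 src=203.0.113.10 dst=192.168.1.20 sport=80 dport=41234 [ASSURED] mark=0 use=1
tcp      6 86390 ESTABLISHED src=192.168.1.20 dst=203.0.113.10 sport=50000 dport=443 src=203.0.113.10 dst=192.168.1.20 sport=443 dport=50000 [ASSURED] mark=0 use=1
udp      17 25 src=10.244.1.7 dst=203.0.113.53 sport=39000 dport=53 src=203.0.113.53 dst=192.168.1.20 sport=53 dport=1024 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Split one conntrack line into (proto, original tuple, reply tuple)."""
    pairs = FIELD.findall(line)
    if len(pairs) < 8:
        return None  # entries without ports (e.g. ICMP) are skipped here
    return line.split()[0], dict(pairs[:4]), dict(pairs[4:8])


def snat_return_table(text):
    """Map each SNATed flow's reply tuple to the pod address it is restored to."""
    table = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, orig, reply = entry
        # Without NAT the reply tuple mirrors the original one. With SNAT the
        # reply is addressed to the translated source (node IP, maybe a new port).
        if (reply["dst"], reply["dport"]) != (orig["src"], orig["sport"]):
            key = (proto, reply["src"], int(reply["sport"]),
                   reply["dst"], int(reply["dport"]))
            table[key] = (orig["src"], int(orig["sport"]))
    return table


def restore_destination(table, proto, src, sport, dst, dport):
    """Where a reply packet is delivered: the pod if the flow was SNATed."""
    return table.get((proto, src, sport, dst, dport), (dst, dport))


if __name__ == "__main__":
    for reply, pod in snat_return_table(SAMPLE).items():
        print(reply, "->", pod)
```

On a real node the same check can be made by reading `conntrack -L` output for the pod's IP while the request is in flight.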