K8S outtrafic pod

Gidi_Kalef · November 13, 2019, 1:41pm

Hi Guys,

i have a pod that need access to another service which managed under firewall .

currently we don’t have access to the another service because it blocked(by firewall), im trying to figure out which ip the pod use to identity against the another service to open the firewall rule needed.

any idea?

Thanks,
Gidi

thockin · November 13, 2019, 4:23pm

You’ll need some sort of explicit egress Gateway. This is not something Kubernetes has by default right now.

acim · November 14, 2019, 1:53am

If this is completely different machine, your pod will probably come from the external IP of the node it is running in. If you can’t find out, you can run some image with curl and find out your external ip from some whatismyip site.

Gidi_Kalef · November 14, 2019, 5:17am

Hi @acim ,
Thanks for your response, we have tried to open any any in firewall with source of our worker machines, with out successes.
Can you please give me more information about the curl what should I do?
Thanks

Gidi_Kalef · November 14, 2019, 5:18am

@thockin Hi thockin ,
thanks for you response, isnt the pod should use the external IP of the host it is running on?

acim · November 14, 2019, 11:46am

Is there some firewall protecting your Kubernetes cluster? Is it in some cloud or?
Do you have network policies?

Gidi_Kalef · November 14, 2019, 12:37pm

Actually my K8S is not protected under fire wall

acim · November 14, 2019, 1:00pm

What errors do you see from your pod? What is the output of “kubectl logs” and “kubectl describe pod”?

Run this to find out your public IP:

kubectl run -ti --rm --restart Never --image curlimages/curl – curl http://whatismyip.akamai.com

Gidi_Kalef · November 14, 2019, 2:16pm

i run:
kubectl exec -ti bash
then in the terminal i ran
curl http://whatismyip.akamai.com/

this is the respond: 194.31.58.5

is that the ip i have too look for?

acim · November 14, 2019, 9:27pm

Of course, allow this IP to access your external service and check your logs on both sides.

acim · November 15, 2019, 12:03pm

Take care that each node probably has it’s own external IP. You can maybe get all of them using this command:

kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'

If this is not set, you have to find out all IP’s by running some curl pod on each node. You may need to use node selector.

Gidi_Kalef · November 17, 2019, 12:46pm

@acim
i havent found any external ip
should i run the curl from the pod in each node, or on the node?

Thanks

acim · November 17, 2019, 10:15pm

Well, if this pod is runing as part of a deployment, than you should get external IP’s of all worker nodes and whitelist them on the external firewall. If you run a single pod always on the same node, then this one IP should be enough.

Topic		Replies	Views
Problem accessing to a pod General Discussions service	1	747	May 27, 2021
How to access non-k8s service running on node from inside k8s pod? General Discussions	2	469	April 5, 2022
Service request routing when no Pods available General Discussions network	4	812	September 18, 2019
Security Impact of Kubernetes API server external IP address proxying Announcements security	1	4152	January 4, 2019
Unable to connect to external OR pod ips from inside a pod General Discussions	1	605	July 31, 2021

K8S outtrafic pod

Related Topics