Kube-proxy over L3 network / k3s

Hello! I have a test environment with two servers over an L3 network (bird). For server communication I have a dummy interface (modprobe dummy). After setting up k3s I have a problem with the firewall, for example:

  • nc -v <kubernetes_api_svc> 443
  • We have two nodes, that's two endpoints for the ClusterIP svc inside the default namespace; when a request goes to the current server, it works OK
  • When a request goes to the other server, MASQUERADE uses the IP address of the physical interface, but the other side wants the src IP of the dummy interface.

Why does kube-proxy not have a parameter to use SNAT --to-source instead of MASQUERADE?
This looks like a problem with my approach. What is the right way to set up Kubernetes inside an L3 network on bare metal?

Why is it masquerading between nodes at all? It should not need to. I don’t know what k3s is doing for setup, but pod-pod should not need NAT.

I have the same problem. Did you find a way to solve it? I use k8s.