Service request routing when no Pods available

Hi there,
I’m dealing with a strange issue. I have some containers that are trying to send TCP requests to a service within K8s cluster, but somehow these requests are routed outside K8s.
They hit a perimeter firewall.
The service doesn’t have any endpoints because the backing pods are failing to start, so I accept that requests to the service will fail, but I wasn’t expecting these requests to be routed elsewhere.
Any idea what could be causing this?


Cluster information:

Kubernetes version:1.12
Cloud being used: bare-metal
Installation method:
Host OS: CoreOS
CNI and version: Flannel
CRI and version:

What k8s version? In the last few releases we have been patching gaps that sound like this, to return ICMP rejection rather than letting service IPs “fall through”.

K8s 1.12.3


So, I suspect this bug has been fixed since then. 1.12 is beyond the backport horizon we typically support, but is there any way you can try against a more recent kube-proxy?

1 Like

We are due to upgrade to 1.13 in the next couple of weeks, so we’ll know then.

1 Like