Service request routing when no Pods available

michele.curioni · September 17, 2019, 5:21pm

Hi there,
I’m dealing with a strange issue. I have some containers that are trying to send TCP requests to a service within K8s cluster, but somehow these requests are routed outside K8s.
They hit a perimeter firewall.
The service doesn’t have any endpoints because the backing pods are failing to start, so I accept that requests to the service will fail, but I wasn’t expecting these requests to be routed elsewhere.
Any idea what could be causing this?

Thanks,
Michele

Cluster information:

Kubernetes version:1.12
Cloud being used: bare-metal
Installation method:
Host OS: CoreOS
CNI and version: Flannel
CRI and version:

thockin · September 17, 2019, 5:52pm

What k8s version? In the last few releases we have been patching gaps that sound like this, to return ICMP rejection rather than letting service IPs “fall through”.

michele.curioni · September 18, 2019, 11:42am

K8s 1.12.3

Michele

thockin · September 18, 2019, 3:25pm

So, I suspect this bug has been fixed since then. 1.12 is beyond the backport horizon we typically support, but is there any way you can try against a more recent kube-proxy?

michele.curioni · September 18, 2019, 3:31pm

We are due to upgrade to 1.13 in the next couple of weeks, so we’ll know then.
Thanks

Topic		Replies	Views
K8S outtrafic pod General Discussions	12	1430	November 17, 2019
Pod traffic not routed correctly General Discussions	0	500	December 22, 2020
How does a service choose which pod to send request to? The inner workings General Discussions service , network	0	277	September 4, 2023
Routing externally sourced packets to a container receiving on IP 0.0.0.0 General Discussions	1	462	September 29, 2021
Traffic going to service IP is "leaking" from nodes General Discussions	0	702	July 23, 2018

Service request routing when no Pods available

Cluster information:

Related Topics