I am a newbie to Kubernetes. I am trying to understand what happens when I try to access google.com from inside a Kubernetes pod.
Will the request directly reach google.com (of course not), or does some DNS lookup happen in the /etc/hosts.allow file first before the call goes outside the pod? What is the flow or journey of the egress call?
PS: I already have the default coredns pod running.
What is Kubernetes egress call flow?
498 views. Asked by gaurav sinha.
I think this question could be divided into 2 different topics:
- DNS resolution.
- Pod networking when trying to reach external sources.

Answering both of these questions could be quite lengthy, but I will try to give you a baseline and add additional documentation that is more in-depth.
DNS resolution that is happening inside/outside of the cluster:

As you've already stated, you're using CoreDNS. It will be responsible in your setup for your DNS resolution. Your Pods will query it when looking for the domains that are not included locally (for example /etc/hosts). After they've received the responses, they will contact external sources (more on that later).

Your CoreDNS is most likely available under one of the Services in your cluster:

`$ kubectl get service --all-namespaces`

I'd reckon you can find a lot of useful information in the official documentation:

You can also follow this guide for more hands-on experience:
Pod networking when trying to reach external sources:
Each Kubernetes solution could differ on how exactly it handles networking. Please refer to the documentation of your solution for more details. The main premise of it is that the Pod won't "directly" communicate with the external sources. Below you can find more information on the reasoning behind it:

In short, assuming no other factors (like additional NAT used by your cloud provider), your Pod will try to contact the external sources with the Node IP (by using Source NAT).

You can find a more in-depth explanation of the packet life (some aspects are GKE specific) by following:

17:55 minute mark.

Additional resources
- Coredns.io: Plugins: Log - you can modify the CoreDNS ConfigMap (`$ kubectl edit configmap -n kube-system coredns`) to enable logging to stdout (`$ kubectl logs ...`) to see more in-depth query resolution.
- Speakerdeck.com: Thockin: Kubernetes and networks why is this so damn hard: Slide 57 - more on the Kubernetes networking.
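
To make the DNS step of this answer concrete, the added example below (not part of the original answer) models the lookup order a glibc-based container applies: `/etc/hosts` first, then the `search`/`ndots` expansion from `/etc/resolv.conf`, with each candidate name sent to the cluster DNS Service. The file contents, the `10.96.0.10` address, the Pod name and the function names are constructed for illustration.

```python
# Constructed samples of what a Pod with the default ClusterFirst DNS policy
# typically sees; the addresses and the Pod name are made up.
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.244.1.7 my-pod\n"
SAMPLE_RESOLV = (
    "nameserver 10.96.0.10\n"
    "search default.svc.cluster.local svc.cluster.local cluster.local\n"
    "options ndots:5\n"
)


def _fields(text):
    """Yield whitespace-split fields per line, ignoring comments and blanks."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields


def parse_resolv(text):
    """Extract nameservers, search domains and ndots from resolv.conf."""
    conf = {"nameservers": [], "search": [], "ndots": 1}
    for key, *args in _fields(text):
        if key == "nameserver" and args:
            conf["nameservers"].append(args[0])
        elif key == "search":
            conf["search"] = args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt[len("ndots:"):])
    return conf


def lookup_plan(name, hosts_text=SAMPLE_HOSTS, resolv_text=SAMPLE_RESOLV):
    """Return ("hosts", ip) or ("dns", nameserver, [queries in order])."""
    for ip, *names in _fields(hosts_text):      # /etc/hosts is checked first
        if name.lower() in (n.lower() for n in names):
            return ("hosts", ip)
    conf = parse_resolv(resolv_text)
    server = conf["nameservers"][0] if conf["nameservers"] else None
    if name.endswith("."):                      # already fully qualified
        return ("dns", server, [name])
    expanded = [f"{name}.{domain}." for domain in conf["search"]]
    # glibc rule: fewer dots than ndots -> search list first, bare name last
    if name.count(".") < conf["ndots"]:
        return ("dns", server, expanded + [name + "."])
    return ("dns", server, [name + "."] + expanded)
```

Calling `lookup_plan("google.com")` yields three cluster-suffixed queries before the bare `google.com.`, which is the pattern to expect in the CoreDNS query log once logging is enabled.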