Question

How to insert or append iptables rules in a k8s cluster in initContainers?

I’m trying to automatically forward incoming traffic in a multi-container pod. For example, here’s my setup:

DigitalOcean k8s cluster:

  service test-service:80 -> pod:2000
  test-pod-container1: listen http port 2000
  test-pod-container2: listen http port 3000

initContainers:

  • iptables -t nat -I PREROUTING -p tcp --dport 2000 -j DNAT --to-destination :3000
  • iptables -I FORWARD -p tcp --dport 3000 -j ACCEPT

So, the pod has 2 containers, the first with an insecure web server on port 2000 and the second with an insecure web server on port 3000. I want to use something like iptables to adjust routing for anything inbound to the first http server:2000 to redirect to the second http server:3000 so that the first web server never gets hit. And, I don’t want to modify the service to point to 3000.

I’m able to get iptables to run in privileged mode on a DO k8s cluster and add the rules, but there are no other rules present. So, is this a security issue, or what am I doing wrong?

What I’m after is similar to this: https://venilnoronha.io/hand-crafting-a-sidecar-proxy-and-demystifying-istio

Thanks in advance, Grant
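
The manifest below is an added example, not part of the original post or of any DigitalOcean documentation. It shows the pattern the question is after: an init container with the NET_ADMIN capability (full privileged mode is not needed to edit the pod's own netfilter tables) installs a nat rule in the pod's network namespace, and because every container in a pod shares that one namespace, the rule keeps applying to the application containers after the init container exits. It uses REDIRECT instead of DNAT so that only the port is rewritten and no IP address has to be known in advance. The image names (example/iptables, example/web) are hypothetical placeholders; the init image must contain an iptables binary.

```yaml
# Added example (not from the original post): pod whose init container
# redirects traffic arriving on port 2000 to the second container on 3000.
# Assumptions: "example/iptables:latest" (hypothetical) ships iptables, and
# "example/web:latest" (hypothetical) stands in for the two HTTP servers.
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
  labels:
    app: test
spec:
  initContainers:
    - name: redirect-2000-to-3000
      image: example/iptables:latest      # hypothetical; must contain iptables
      securityContext:
        capabilities:
          add: ["NET_ADMIN"]              # enough to edit the pod's own tables
      command: ["/bin/sh", "-ec"]
      args:
        - |
          # Packets from outside the pod (the Service, kubelet probes, other
          # pods) enter through PREROUTING. REDIRECT keeps the destination IP
          # and only rewrites the port.
          iptables -t nat -A PREROUTING -p tcp --dport 2000 -j REDIRECT --to-ports 3000
          # Optional: connections the pod's own containers make to
          # localhost:2000 skip PREROUTING, so catch them in OUTPUT as well.
          iptables -t nat -A OUTPUT -o lo -p tcp --dport 2000 -j REDIRECT --to-ports 3000
          # Dump the nat table into this container's log so the result can be
          # checked with: kubectl logs test-pod -c redirect-2000-to-3000
          iptables -t nat -S
  containers:
    - name: test-pod-container1
      image: example/web:latest           # hypothetical; listens on 2000
      ports:
        - containerPort: 2000
    - name: test-pod-container2
      image: example/web:latest           # hypothetical; listens on 3000
      ports:
        - containerPort: 3000
```

The Service can keep pointing at port 2000: a request to the pod IP on 2000, whether from the Service or from kubelet's readiness probe for container1, is answered by the server on 3000. Two checks are worth doing. First, `kubectl logs test-pod -c redirect-2000-to-3000` should show the two REDIRECT rules and nothing else; an otherwise empty nat table in the pod is expected rather than a security problem, because the Service and CNI rules that kube-proxy or the network plugin program live in the node's network namespace, not the pod's. Second, from another pod, `curl http://<pod-ip>:2000/` should return container2's response. Running `iptables -L` from inside one of the application containers will fail unless that container is also granted NET_ADMIN, which is why the example prints the table from the init container instead.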
