How does this work?

[georgejdli]

In this example are we making routing rule changes to the underlying k8s nodes?

[bowei]

Yes, we are modifying the Linux iptables directly.

[georgejdli]

Thanks for the response! I'm new to iptables and had a limited understanding of the network isolation options in Kubernetes so I didn't understand how the rules were being applied by running commands in a k8s container.

For others that were wondering like I was:

• this example uses hostNetwork: true so there is no network isolation between the container and the Kubernetes node
• this means any iptables commands run on the container will modify the rules on the underlying Kubernetes node

If you're looking to apply rules "locally" to a pod you can disable hostNetwork and run a side car container to run the iptables comments:

This means the iptables rules will only apply within the pod's network isolation and not affect any other traffic within the cluster.