I run an ingress controller in my cluster (Traefik) and use Ingress resource to expose numerous services.
I also use Cilium in policy audit mode currently, along with DNS proxy enabled to catch what connections are being made from pods and the outer world to craft suitable policies.
When I curl an URL of ingress running in my cluster from a pod covered by a restrictive policy, I don't see the connection to said ingress FQDN, rather just a connection to Traefik controller pod on port 443.
While technically correct, I would expect to see the connection to FQDN of the ingress but that's not the case, why is that?
I run an ingress controller in my cluster (Traefik) and use Ingress resource to expose numerous services.
I also use Cilium in policy audit mode currently, along with DNS proxy enabled to catch what connections are being made from pods and the outer world to craft suitable policies.
When I
curlan URL of ingress running in my cluster from a pod covered by a restrictive policy, I don't see the connection to said ingress FQDN, rather just a connection to Traefik controller pod on port 443.While technically correct, I would expect to see the connection to FQDN of the ingress but that's not the case, why is that?