In Kubernetes, when kube-proxy is configured in iptables mode, it will create DNAT rules to forward packets to the service endpoints (the pod IPs). If the service changes its endpoints, and one endpoint is removed, would that affect existing open TCP sockets, or is the kernel stateful in a way that remembers those sessions and they are kept alive until closed by one of the two peers?
Asked
Active
Viewed 33 times
0
-
I ended up doing some testing on Kubernetes backed by AWS ALB, and looks like the connection is kept alive even after the service endpoint (and related iptables DNAT rule), so I guess it means that the linux networking subsystem is stateful and remembers sessions. – michelesr Mar 25 '22 at 12:24