This message was deleted.

There's a few different network layers. There's an internal k8s layer, and then there's the internal (backend) network between the nodes, and potentially an external network (that's public facing)

@bland-article-62755 the nodes are on a different CIDR block. The block given by the infra team is meant to be for kubernetes resources only. So, my question is can I use that block for the cluster so that the resources inside the cluster get an IP address within that CIDR block?

I'm pretty sure the CNI uses wireguard over the Node's CIDR block so it's not exposed that way.

Okay. Got it. Basically, the scenario is that the application inside the pod has to authenticate with the customer's own AD for which we have to do NAT. So what I understood from this discussion is that I won't be needing service's IP address for NAT. Instead, I can use the IP address of the node for this purpose? FYI, I have an ingress resource working as a LB as well that takes the request and the forwards it to service that takes it to the relevant pod. So, I can use the IP address of the LB/node for NAT and I don't need to put my cluster's resources inside a specific VLAN that is created in the switch?

Yeah I think the AD service will see it coming from the node (or the public IP depending on how things are set up) and not from the service address inside the cluster.

Alright. Thanks a lot mate

np