Hello everyone,
I'm using Rancher with Calico. As I see, my firewall can see my k8s ClusterIP,
like this: source (nodeIP), destination (clusterIP).
I want to disable traffic routing from my k8s cluster to my firewall. I do not have a BGP configuration; I have only this configuration:
Question: how can I disable announcing my cluster IP to outside of k8s?
I want that when a pod tries to connect to a ClusterIP, the traffic doesn't go outside from the node and connects from inside, between nodes.
root@rke-worker04:~# k get ippools.crd.projectcalico.org default-ipv4-ippool -o yaml
apiVersion: crd.projectcalico.org/v1
kind: IPPool
metadata:
  annotations:
    projectcalico.org/metadata: '{"uid":"38607f3c-c3cc-4a57-be59-3652f1b055aa","creationTimestamp":"2022-09-19T06:34:20Z"}'
  creationTimestamp: "2022-09-19T06:34:20Z"
  generation: 1
  name: default-ipv4-ippool
  resourceVersion: "42199"
  uid: 167f9f78-d05f-4233-8bc1-4f60dc93a51a
spec:
  allowedUses:
  - Workload
  - Tunnel
  blockSize: 26
  cidr: 10.42.0.0/16
  ipipMode: Never
  natOutgoing: true
  nodeSelector: all()
  vxlanMode: CrossSubnet