Since the Pod network is not internet routable, the packets get masqueraded (SNAT) along the way.
Where, depends on if the node's machine's port has a floating IP associated with it.
Node has an associated floating IP
The packets get NATed at the Floating IP.
Node has no floating IP
The packets get NATed at the network's router's public interface.
You can find out the IP by looking at the router:
openstack router show metakube-<cluster id>
All packets coming from your cluster have the same source IP.
This may be a problem when the endpoint host enforces any kind of IP based rate limiting, e.g. Docker Hub.
To find out the source IP from within the cluster, you may use
GET ip.syseleven.de
.
Note: Don't confuse with the Kubernetes resource Ingress!
The most convenient way to expose an application in your cluster to the internet, is through a LoadBalancer
Service.
MetaKube integrates with the cloud provider to manage external load balancers automatically.
For more information, see load balancers.
A NodePort
Service forwards endpoints on a fixed port on each Kubernetes Node.
30000-32767
.spec.externalTrafficPolicy
.With externalTrafficPolicy: Cluster
(default) packets are masqueraded at the node.
The source IP may be the internal node IP, or the IP of the CNI bridge interface (if the endpoint is on the same node).