Why HostPort Can Hijack Your Service Traffic in Kubernetes

The article investigates a puzzling Kubernetes issue where using hostPort caused MySQL traffic to be redirected to the wrong pod, explains how iptables rules inserted by the CNI portmap plugin override Service rules, and provides reproducible experiments and practical recommendations to avoid such problems in production.

CNIKubernetesNetworking

0 likes · 11 min read

Why HostPort Can Hijack Your Service Traffic in Kubernetes

Efficient Ops

Aug 18, 2021 · Operations

Why HostPort Breaks Kubernetes Service Routing and How to Fix It

This article explains how using hostPort in a Kubernetes cluster injects iptables NAT rules that override normal Service routing, causing unexpected MySQL connection failures, and provides step‑by‑step troubleshooting, reproduction, and recommendations to avoid hostPort in production.

CNIhostPortiptables

0 likes · 10 min read

Why HostPort Breaks Kubernetes Service Routing and How to Fix It