Networking
Overview of the cluster's networking infrastructure.
Components
| Component | Purpose |
|---|---|
| MetalLB | LoadBalancer IP allocation and L2 advertisement |
| Metaleg | Source IP rewriting for outbound traffic |
| Istio | Service mesh, Gateway API, mTLS |
| kube-router | CNI providing pod networking and network policies |
| CoreDNS | Cluster DNS |
Network Architecture
The cluster nodes have multiple network interfaces:
| Interface | Purpose | Network |
|---|---|---|
| eno1 | Node management / Talos API | Internal |
| eno2 | External traffic (MetalLB) | 141.89.58.0/24 |
| eno3 | Office network | 10.1.0.0/16 |
| data-1, data-2 | DRBD replication (storage) | Internal |
IP Allocation
External (from ZIM):
- IPv4: 36 addresses in 141.89.58.x (14 in use)
- IPv6: 2001:638:807:3a::/64
Office:
- IPv4: 10.1.0.0/16
- IPv6: 2001:638:807:403::/64
Internal cluster:
- Pod CIDR: 10.4.0.0/16, fd2b:82b9:d374::/48
- Service CIDR: 10.5.0.0/16, fd13:e0cf:3038:f209::/108
Ingress
External HTTP/HTTPS traffic flows through the following chain:
- A Gateway API `Gateway` resource is created with the Istio gateway class
- Istio's gateway controller creates a LoadBalancer Service for that Gateway
- MetalLB allocates an external IP from the 141.89.58.x pool to the Service and advertises it on eno2 via L2 (ARP/NDP)
- Traffic arrives at the Gateway listener and is routed via `HTTPRoute` objects to backend services
Non-HTTP services (SMTP, IMAP, LDAP) use LoadBalancer services directly with MetalLB IPs.
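The manifests below are an added example of the ingress chain described above; they are not the cluster's own manifests. The namespace names, hostnames, the TLS secret name and the `external` address-pool name are placeholders. The Gateway terminates TLS, redirects plain HTTP to HTTPS, and only accepts routes from namespaces that carry an explicit label, so an arbitrary namespace cannot attach a route to the public listener. The last object shows the non-HTTP case: a plain LoadBalancer Service that gets its own MetalLB address, with `externalTrafficPolicy: Local` so the backend sees the real client source IP instead of a node-SNATed one.

```yaml
# Added example, not from the cluster. All names are placeholders.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: external-gateway
  namespace: istio-ingress          # placeholder namespace
spec:
  gatewayClassName: istio           # Istio's Gateway API controller creates the LoadBalancer Service
  listeners:
  - name: https
    protocol: HTTPS
    port: 443
    hostname: "*.example.org"       # placeholder domain
    tls:
      mode: Terminate
      certificateRefs:
      - kind: Secret
        name: wildcard-example-org-tls   # placeholder; must be in this namespace or granted via ReferenceGrant
    allowedRoutes:
      namespaces:
        from: Selector
        selector:
          matchLabels:
            gateway-access: "true"  # only namespaces with this label may attach routes
  - name: http
    protocol: HTTP
    port: 80
    hostname: "*.example.org"
    allowedRoutes:
      namespaces:
        from: Same                  # only the redirect route below, from this namespace
---
# Redirect every plain-HTTP request to HTTPS at the gateway
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-to-https
  namespace: istio-ingress
spec:
  parentRefs:
  - name: external-gateway
    sectionName: http
  rules:
  - filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 301
---
# An application namespace that is allowed to attach routes
apiVersion: v1
kind: Namespace
metadata:
  name: app                         # placeholder
  labels:
    gateway-access: "true"
---
# Route one hostname on the HTTPS listener to a backend Service in that namespace
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: app
  namespace: app
spec:
  parentRefs:
  - name: external-gateway
    namespace: istio-ingress
    sectionName: https
  hostnames:
  - app.example.org                 # placeholder
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: app                     # placeholder Service, assumed to listen on 8080
      port: 8080
---
# Non-HTTP case: SMTP exposed as a plain LoadBalancer Service with its own MetalLB IP
apiVersion: v1
kind: Service
metadata:
  name: mail-smtp                   # placeholder
  namespace: mail                   # placeholder
  annotations:
    metallb.io/address-pool: external   # pool name is an assumption
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local      # preserve client source IP; valid with MetalLB L2 mode
  selector:
    app: mail                       # placeholder pod label
  ports:
  - name: smtp
    port: 25
    targetPort: 25
  - name: submission
    port: 587
    targetPort: 587
```

With `externalTrafficPolicy: Local`, MetalLB only announces the address from nodes that actually run a ready endpoint, so a Service whose pods all sit on one node is reachable from only that node's L2 presence; check `kubectl get svc -n mail mail-smtp -o wide` after applying to confirm an address was allocated from the intended pool.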
DNS
External DNS is managed outside the cluster. Internal services use CoreDNS with the standard Kubernetes DNS naming:
`<service>.<namespace>.svc.cluster.local`
The office network has a dedicated DNS server at 10.1.0.254 for local resolution.