Life of a Request Inside Kubernetes

Once traffic hits the cloud, the complexity increases.

1. The Load Balancer

Traffic hits the AWS ALB. It terminates TLS. It picks a target Node.

2. NodePort / Ingress

The packet hits the Node's iptables rules. It is NAT'd to the internal Pod IP.
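
To make this step concrete, the following added example (not from the original article) parses constructed `iptables-save -t nat` output and resolves each NodePort to the Pod endpoints it is NAT'd to, which is a quick way to audit what a Node actually exposes. It assumes the chain naming used by kube-proxy's iptables mode; the chain suffixes, ports and Pod IPs are made up.

```python
import re

# Constructed sample of `iptables-save -t nat` output, modelled on kube-proxy's
# iptables mode (assumption). Chain suffixes, ports and Pod IPs are made up.
SAMPLE = """\
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/web:http" -m tcp --dport 30080 -j KUBE-EXT-WEB
-A KUBE-NODEPORTS -p tcp -m comment --comment "ops/debug:http" -m tcp --dport 31500 -j KUBE-EXT-DBG
-A KUBE-EXT-WEB -j KUBE-MARK-MASQ
-A KUBE-EXT-WEB -j KUBE-SVC-WEB
-A KUBE-EXT-DBG -j KUBE-SVC-DBG
-A KUBE-SVC-WEB -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-WEB1
-A KUBE-SVC-WEB -j KUBE-SEP-WEB2
-A KUBE-SVC-DBG -j KUBE-SEP-DBG1
-A KUBE-SEP-WEB1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-WEB2 -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
-A KUBE-SEP-DBG1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.9:9000
"""

RULE = re.compile(r'^-A (\S+) (.*?)-j (\S+)(?: --to-destination (\S+))?\s*$')

def parse(text):
    """Return {chain: [(match_text, target, dnat_dest_or_None), ...]}."""
    chains = {}
    for m in filter(None, map(RULE.match, text.splitlines())):
        chains.setdefault(m.group(1), []).append(m.groups()[1:])
    return chains

def backends(chains, chain, seen=None):
    """Follow jumps from `chain`; collect every DNAT destination reached."""
    seen = set() if seen is None else seen
    if chain in seen:  # guard against jump loops
        return set()
    seen.add(chain)
    found = set()
    for _, target, dest in chains.get(chain, []):
        found |= {dest} if target == "DNAT" else backends(chains, target, seen)
    return found

def nodeport_map(text):
    """Map each exposed NodePort to (service comment, sorted Pod endpoints)."""
    chains, out = parse(text), {}
    for match, target, _ in chains.get("KUBE-NODEPORTS", []):
        port = re.search(r"--dport (\d+)", match)
        name = re.search(r'--comment "([^"]+)"', match)
        if port:  # skip rules that do not match on a destination port
            label = name.group(1) if name else "?"
            out[int(port.group(1))] = (label, sorted(backends(chains, target)))
    return out
```

On a real Node, feed it the output of `iptables-save -t nat` and compare the resulting ports against the Services you expect to be reachable from outside.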

3. The CNI Plugin (Container Network Interface)

Plugins like Calico or Cilium handle the routing between nodes. They might use VXLAN (encapsulation) or BGP (direct routing).

4. Service Mesh (Istio/Linkerd)

Before hitting the app, the packet is intercepted by an Envoy sidecar proxy. This proxy adds mutual TLS (mTLS), logs metrics, and checks ACLs.

Only then does the application see the request.