From caefb071a8b7cb7709f4d96335642e39ef7721ac Mon Sep 17 00:00:00 2001
From: Sienna Meridian Satterwhite <sienna@r3t.io>
Date: Mon, 9 Mar 2026 08:00:46 +0000
Subject: [PATCH] fix(ingress): use 10.0.0.0/8 bypass for all cluster-internal
 traffic

Pod IPs are in 10.0.0.0/24, not 10.42.0.0/16 as assumed. Broadening
to 10.0.0.0/8 covers pods, services, and CNI overlays.
---
 base/ingress/pingora-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/base/ingress/pingora-config.yaml b/base/ingress/pingora-config.yaml
index 006406c..8473483 100644
--- a/base/ingress/pingora-config.yaml
+++ b/base/ingress/pingora-config.yaml
@@ -67,7 +67,7 @@ data:
     enabled                = true
     eviction_interval_secs = 300
     stale_after_secs       = 600
-    bypass_cidrs           = ["10.42.0.0/16", "127.0.0.0/8", "::1/128"]
+    bypass_cidrs           = ["10.0.0.0/8", "127.0.0.0/8", "::1/128"]
 
     [rate_limit.authenticated]
     burst = 200