fix(ingress): use 10.0.0.0/8 bypass for all cluster-internal traffic

Pod IPs are in 10.0.0.0/24, not 10.42.0.0/16 as assumed. Broadening to 10.0.0.0/8 covers pods, services, and CNI overlays.
2026-03-09 08:00:46 +00:00
parent a101ea4b06
commit caefb071a8
1 changed files with 1 additions and 1 deletions
--- a/base/ingress/pingora-config.yaml
+++ b/base/ingress/pingora-config.yaml
@@ -67,7 +67,7 @@ data:
    enabled                = true
    eviction_interval_secs = 300
    stale_after_secs       = 600
-    bypass_cidrs           = ["10.42.0.0/16", "127.0.0.0/8", "::1/128"]
+    bypass_cidrs           = ["10.0.0.0/8", "127.0.0.0/8", "::1/128"]

    [rate_limit.authenticated]
    burst = 200