Description
After the standard installation, I noticed that the Pod to Pod network was broken. I tried to expose some services through an ingress, but the ingress provider's pod was unable to reach the backend pod, failing with timeouts or connection refusals. By contrast, there was no issue connecting from a pod to a service using DNS.
After digging more, I discovered that I need to add the interface cni0 to the trusted zone in firewalld to make it work.
Disabling firewalld is not an option since I have a single interface with a publicly exposed IP.
I'm not sure if it's a combination of things and configurations, or a specific problem about firewalld configuration.
Expected behavior
It's expected that the pod network works.
Actual behavior
No connection can be established between pods in my case.
Reproduction steps
[root@rem ~]# firewall-cmd --permanent --zone=trusted --remove-interface=cni0
success
[root@rem ~]# firewall-cmd --reload
success
[root@rem ~]# kubectl exec -it traefik-76dc4fcf59-g6fmk -- wget 10.42.0.17:8080 -T 2
Connecting to 10.42.0.17:8080 (10.42.0.17:8080)
wget: can't connect to remote host (10.42.0.17): Host is unreachable
command terminated with exit code 1
[root@rem ~]# firewall-cmd --permanent --zone=trusted --add-interface=cni0
success
[root@rem ~]# firewall-cmd --reload
success
[root@rem ~]# kubectl exec -it traefik-76dc4fcf59-g6fmk -- wget 10.42.0.17:8080 -T 2
Connecting to 10.42.0.17:8080 (10.42.0.17:8080)
wget: server returned error: HTTP/1.1 404
command terminated with exit code 1
[root@rem ~]# kubectl get pods -A -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default traefik-76dc4fcf59-g6fmk 1/1 Running 1 88m 10.42.0.16 rem <none> <none>
guacamole guacamole-client-54c95fcf7b-bphcq 1/1 Running 1 135m 10.42.0.17 rem <none> <none>
guacamole guacamole-guacd-cf4d5c558-vhrrk 1/1 Running 1 135m 10.42.0.15 rem <none> <none>
guacamole postgres-guacamole-0 1/1 Running 1 169m 10.42.0.14 rem <none> <none>
kube-system coredns-9f5c69f77-7lvg4 1/1 Running 1 36h 10.42.0.18 rem <none> <none>
local-path-storage local-path-provisioner-75c57654b4-z5phd 1/1 Running 2 (55m ago) 36h 10.42.0.13 rem <none> <none>
[root@rem ~]#
Environment
OS: Almalinux 9.7 (Moss Jungle Cat)
Kubesolo version: v1.1.4
Deployment type: VPS on Public provider with 1vCpu/2GB Ram, 20 GB hdd.
I'm available to provide more info or tests.
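A small check for the condition described in this report, added here as an example and not part of the original issue: it parses the output of `firewall-cmd --zone=trusted --list-all` to tell whether cni0 is bound to the trusted zone, and wraps the add-interface/reload step shown in the reproduction. The function names and the embedded sample listing are assumptions; the sample is constructed, not captured from the reporter's host.

```shell
#!/bin/sh
# Returns 0 when the interface given as $1 (default cni0) appears on the
# "interfaces:" line of a firewalld zone listing read from stdin.
# Reading stdin instead of calling firewall-cmd directly keeps it testable
# on a machine without firewalld.
iface_in_zone_listing() {
  want="${1:-cni0}"
  awk -v want="$want" '
    $1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
    END { exit found ? 0 : 1 }'
}

# Constructed sample: trusted zone with cni0 bound (the working state).
SAMPLE_TRUSTED_WITH_CNI0='trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: cni0
  sources:
  services:
  ports:'

# Constructed sample: trusted zone with no interfaces (the broken state).
SAMPLE_TRUSTED_EMPTY='trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:'

# Live check on a host with firewalld: reports whether pod-to-pod traffic on
# the CNI bridge will be accepted by the host firewall.
check_cni0_zone() {
  command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found"; return 2; }
  if firewall-cmd --zone=trusted --list-all | iface_in_zone_listing cni0; then
    echo "cni0 is in the trusted zone: bridge traffic between pods is accepted"
  else
    echo "cni0 is NOT in the trusted zone: expect 'Host is unreachable' between pods"
    return 1
  fi
}

# The fix from the report: trust only the CNI bridge; the public interface
# keeps its own zone, so nothing is opened on the exposed IP.
trust_cni0() {
  firewall-cmd --permanent --zone=trusted --add-interface=cni0 && firewall-cmd --reload
}
```

Run `check_cni0_zone` before and after `trust_cni0` to confirm the zone change took effect after the reload.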