
I'm running a tiny MicroK8s cluster with the dns and helm addons enabled. On it I run Redis, MySQL and a webserver. On the host system the following cURL request works no matter what, at every attempt:

curl 'https://www.google.dk' -vvv

If I tty into a pod and run the very same command, then on every 2nd/3rd attempt I get:

*   Trying 216.58.206.67:443...
*   Trying [2a00:1450:4001:801::2003]:443...
* Immediate connect fail for 2a00:1450:4001:801::2003: Network is unreachable

Any idea on what could be causing this?

  • The above was on Ubuntu 22.04 running MicroK8s 1.28. I have since attempted to reinstall Ubuntu 20.04 with MicroK8s 1.30. Here I got the exact same outcome. Everything is good on the host, but inside of the pod every other network call receives Network is unreachable or Connection timed out – danniehansenweb Apr 19 '24 at 20:34
  • Also running this on a dedicated machine at Hetzner, not sure if that makes a difference. – danniehansenweb Apr 19 '24 at 21:18
  • I have since the last comment attempted to install RKE2, this was done with a clean Linux installation - but here I experienced the exact same problem. I'm almost all out of ideas.

    I have also tried to run a plain Ubuntu base image, install curl and then try this exact curl command as well - same problem.

    So it's neither the flavor of Kubernetes, Ubuntu version or pod image.

    – danniehansenweb Apr 20 '24 at 10:01

1 Answer


Okay. I managed to locate the problem. Technically, I'm not sure why this is - if someone else can post an answer explaining, then I will accept that answer.

Hetzner templates for HTTP have a rule for ACK-flagged incoming traffic. This is to allow responses to come through. The specific rule was limited to a higher port range, which looks to be totally fine on the host system. However, this looks to cause issues from within the pod. Expanding it to the entire port range, and not just the narrowed one, worked!
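
One way to check a node for this condition, as an added example that is not part of the original answer: it reads `conntrack -L -p tcp` style lines and lists the flows whose reply packets arrive on a port the ACK rule does not cover. It assumes pod traffic is source-NATed on the node, which can rewrite the source port; the port range, the addresses and the sample lines are constructed, and `replies_outside_rule` is a hypothetical helper name.

```python
import re

# Assumed range for illustration; substitute the one from your own ACK rule.
ACK_RULE_PORTS = (32768, 65535)

# Constructed conntrack lines (documentation addresses, node IP 203.0.113.10).
# First tuple: original direction. Second tuple: expected reply; its dport
# is the source port the remote side sees after any SNAT on the node.
SAMPLE = """\
tcp      6 86390 ESTABLISHED src=10.1.0.12 dst=198.51.100.7 sport=41822 dport=443 src=198.51.100.7 dst=203.0.113.10 sport=443 dport=41822 [ASSURED] mark=0 use=1
tcp      6 110 SYN_SENT src=10.1.0.12 dst=198.51.100.7 sport=41830 dport=443 [UNREPLIED] src=198.51.100.7 dst=203.0.113.10 sport=443 dport=17533 mark=0 use=1
tcp      6 86395 ESTABLISHED src=203.0.113.10 dst=198.51.100.7 sport=50112 dport=443 src=198.51.100.7 dst=203.0.113.10 sport=443 dport=50112 [ASSURED] mark=0 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_flow(line):
    """Return (orig, reply) tuples as (src, dst, sport, dport), or None."""
    found = [(s, d, int(sp), int(dp)) for s, d, sp, dp in TUPLE.findall(line)]
    return tuple(found) if len(found) == 2 else None


def replies_outside_rule(text, allowed=ACK_RULE_PORTS):
    """List flows whose replies target a port outside the ACK rule's range."""
    lo, hi = allowed
    blocked = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # not a two-tuple conntrack entry
        orig, reply = flow
        reply_port = reply[3]  # port the remote host answers to on the node
        if not lo <= reply_port <= hi:
            blocked.append({
                "src": orig[0],
                "remote": orig[1],
                "original_sport": orig[2],
                "reply_port": reply_port,
                "port_rewritten": orig[2] != reply_port,
            })
    return blocked


if __name__ == "__main__":
    for flow in replies_outside_rule(SAMPLE):
        print(flow)
```

On a node, the same function can be fed the real output of `conntrack -L -p tcp` captured while the curl test runs from a pod.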