
I'm running a tiny MicroK8s cluster with dns and helm addons enabled. On it I run Redis, MySQL and a webserver. On the host system the following cURL request works no matter what, at every attempt:

curl 'https://www.google.dk' -vvv

If I tty into a pod and do the very same command, then on every 2nd/3rd attempt I get:

*   Trying 216.58.206.67:443...
*   Trying [2a00:1450:4001:801::2003]:443...
* Immediate connect fail for 2a00:1450:4001:801::2003: Network is unreachable

Any idea on what could be causing this?

1 Answer


Okay. I managed to locate the problem. Technically, I'm not sure why this is - if someone else can post an answer explaining, then I will accept that answer.

Hetzner templates for HTTP have a rule for ACK-flagged incoming traffic. This is to allow responses to come through. The specific rule was limited to a higher port range, which looks to be totally fine on the host system. However, this looks to cause issues from within the pod. Expanding it to the entire port range, and not just the narrowed one, worked!
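An added example, not part of the original answer: a small model of a stateless inbound rule that admits ACK-flagged packets only to a destination port range, showing how the share of dropped replies depends on which source ports the outgoing connections use. The port ranges are assumptions (32768-60999 is the Linux default ephemeral range; the narrow rule range and the 1024-65535 range for source-NATed pod traffic are sample values, not taken from the page).

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits


@dataclass(frozen=True)
class AckRule:
    """Stateless inbound rule: accept ACK-flagged packets to a port range."""
    dport_lo: int
    dport_hi: int

    def allows(self, dport: int, flags: int) -> bool:
        return self.dport_lo <= dport <= self.dport_hi and bool(flags & ACK)


def dropped_replies(rule: AckRule, client_ports: list[int]) -> list[int]:
    """Client source ports whose SYN-ACK reply the rule would drop."""
    return [p for p in client_ports if not rule.allows(p, SYN | ACK)]


def drop_ratio(rule: AckRule, src_lo: int, src_hi: int) -> float:
    """Share of a uniformly used source-port range that the rule does not cover."""
    total = src_hi - src_lo + 1
    lo, hi = max(rule.dport_lo, src_lo), min(rule.dport_hi, src_hi)
    covered = max(0, hi - lo + 1)
    return 1 - covered / total


# Constructed sample values (assumptions, see lead-in).
NARROW = AckRule(32768, 65535)   # rule limited to a higher port range
WIDE = AckRule(0, 65535)         # rule expanded to the entire port range
HOST_EPHEMERAL = (32768, 60999)  # Linux default ip_local_port_range
NAT_RANGE = (1024, 65535)        # assumed range for source-NATed pod traffic

if __name__ == "__main__":
    print("host, narrow rule:", drop_ratio(NARROW, *HOST_EPHEMERAL))
    print("pod,  narrow rule:", round(drop_ratio(NARROW, *NAT_RANGE), 3))
    print("pod,  wide rule:  ", drop_ratio(WIDE, *NAT_RANGE))
    print("dropped:", dropped_replies(NARROW, [40000, 2048, 51000, 31999]))
```

Under these assumptions roughly half of the pod's connections lose their reply, which fits failures on every 2nd/3rd attempt. A stateless ACK rule accepts any ACK-flagged segment to the listed ports, so once it covers all ports, connection tracking on the host is what tells replies apart from unsolicited ACK traffic.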