Welcome to the Linux Foundation Forum!

Lab 8.1 routing issue


Hi all,
I deployed and exposed nginx-one, the pods landed on my second node (kube-worker-01) as expected

ubuntu@kube-ctrl-01:~/labs/8.1-service$ kubectl -n accounting describe pod nginx-one-755bd7c7d5-kq777
Name:         nginx-one-755bd7c7d5-kq777
Namespace:    accounting
Priority:     0
Node:         kube-worker-01/
Start Time:   Thu, 28 May 2020 19:43:19 +0000
Labels:       pod-template-hash=755bd7c7d5
Annotations:  cni.projectcalico.org/podIP:
Status:       Running

However, curl from the control node does not work (since there is no route)

ubuntu@kube-ctrl-01:~/labs/8.1-service$ curl
curl: (7) Failed to connect to port 80: Connection refused

route -n UH    0      0        0 cali8f6751be4be UH    0      0        0 cali99d95d831c3 UH    0      0        0 calid152b729a3f

The pod itself if fine, I can curl it from the second node where it resides

ubuntu@kube-worker-01:~$ curl
<!DOCTYPE html>

I would expect calico to handle inter-node communication via tunl0 interfaces, correct ?

Thanks and regards

Piotrek Z


  • chrispokorni
    chrispokorni Posts: 2,177

    Hi Piotrek,

    Your situation is consistently reported in the forum, and it reflects the cluster's inability to route traffic between nodes, typically because of a firewall that is blocking specific ports. When there is an infrastructure firewall and/or even an OS firewall, Kubernetes will not be able to go around it. Kubernetes does not manage the infrastructure on your behalf, it only uses it as-is.

    I would recommend revisiting your firewall rules. At the infrastructure level allow all ingress traffic from all sources, all protocols, to all ports, and at the nodes' OS level disable any firewall you may have running.



Upcoming Training