PTAL Weibin is testing this. I will let you know results.
OVN add iptables rule for traffic from pod to external
bug: 1626387 https://bugzilla.redhat.com/show_bug.cgi?id=1626387
Jira: SDN-182 Add firewall rule to permit pod to access node https://jira.coreos.com/browse/SDN-182
Signed-off-by: Phil Cameron
- weixin_39617044 4 months ago
Testing the PR and container can ping the outside hostname now.
Also, the bug is that the pod cannot access the node where it is running, right? It can access other nodes, though?
the pod can't access the host. internal cluster networking is OK (as far as I know). There is a similar rule in openshift-sdn that permits pods to access the host.
There is a similar rule in openshift-sdn that permits pods to access the host.
That is likely because openshift adds a chain with that name when installing the cluster?
Openshift installs and uses firewalld for firewalling. The FIREWALL_ALLOW_CHAIN chain is where the INPUT rules are added. There is no reason to not just add this rule to INPUT (see latest change).
You may have forgotten to push your latest changes.
I just pushed them. Sorry, don't know what happened before.
On 10/22/2018 11:28 AM, Gurucharan Shetty wrote:
You may have forgotten to push your latest changes.
I don't know what happened, I pushed them again and hopefully all is well now.
My iptables confidence is not high. One of you please have a look.