
I'm trying to use the bridge CNI plugin with a standalone kubelet and I'm unable to ping pods from each other (same node).

I'm able to ping a pod from the host and from the pod itself (using its subnet IP).

Also, packets from the "caller" pod reach the bridge:

```
10:28:00.951871 IP ip-10-0-1-4.eu-west-3.compute.internal > ip-10-0-1-5.eu-west-3.compute.internal: ICMP echo request, id 15, seq 22, length 64
```

but not the other pod's interface (tcpdump doesn't see any ping).

The pod I try to reach has the 10.0.1.5 IP address (I'm able to ping it there from the host and from itself).

CNI config:

```json
{
  "cniVersion": "0.3.1",
  "name": "bridge",
  "type": "bridge",
  "bridge": "cnio0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "ranges": [
      [{"subnet": "10.0.1.0/24"}]
    ],
    "routes": [{"dst": "0.0.0.0/0"}]
  }
}
```

brctl shows that the 2 veth pairs are actually connected to the bridge.

I also tried to add the firewall CNI plugin, and load it after the bridge, without more success...

Is there something else I have to configure in order to get it working?

1 Answer

I was adding the firewall as a separate file.

Setting bridge and firewall together actually works:

```bash
cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conflist
{
  "cniVersion": "0.4.0",
  "name": "bridge-firewalld",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cnio0",
      "isGateway": true,
      "ipMasq": true,
      "ipam": {
        "type": "host-local",
        "subnet": "10.0.1.0/24",
        "routes": [
          { "dst": "0.0.0.0/0" }
        ]
      }
    },
    {
      "type": "firewall",
      "backend": "iptables"
    }
  ]
}
EOF
```
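A check for the situation this answer describes, added here as an example and not part of the original post: it reports which CNI config file would be selected and whether `firewall` is chained after `bridge` in it. It assumes the runtime loads only the lexicographically first file in the config directory; the `audit` helper and the file names `10-bridge.conf` and `20-firewall.conf` are hypothetical.

```python
import json
import tempfile
from pathlib import Path

CNI_EXTS = {".conf", ".conflist", ".json"}
# Constructed sample stanzas, modelled on the configs in the question and answer.
BRIDGE = {"type": "bridge", "bridge": "cnio0", "isGateway": True, "ipMasq": True,
          "ipam": {"type": "host-local", "subnet": "10.0.1.0/24"}}
FIREWALL = {"type": "firewall", "backend": "iptables"}
HEAD = {"cniVersion": "0.4.0"}

def plugin_chain(path):
    """Return the ordered plugin types a CNI config file defines."""
    data = json.loads(Path(path).read_text())
    if "plugins" in data:              # .conflist: plugins run in listed order
        return [p.get("type") for p in data["plugins"]]
    return [data.get("type")]          # single-plugin .conf

def audit(conf_dir):
    """Assumption: only the first config file (sorted by name) is loaded."""
    files = sorted((p for p in Path(conf_dir).iterdir() if p.suffix in CNI_EXTS),
                   key=lambda p: p.name)
    if not files:
        return {"selected": None, "chain": [], "firewall_chained": False,
                "ignored_firewall": []}
    chain = plugin_chain(files[0])
    chained = ("bridge" in chain and "firewall" in chain
               and chain.index("firewall") > chain.index("bridge"))
    # Firewall definitions sitting in files that are never loaded.
    ignored = [p.name for p in files[1:] if "firewall" in plugin_chain(p)]
    return {"selected": files[0].name, "chain": chain,
            "firewall_chained": chained, "ignored_firewall": ignored}

def demo():
    """Build the two layouts (separate files vs. one conflist) and audit both."""
    with tempfile.TemporaryDirectory() as sep, tempfile.TemporaryDirectory() as chn:
        Path(sep, "10-bridge.conf").write_text(
            json.dumps({**HEAD, "name": "bridge", **BRIDGE}))
        Path(sep, "20-firewall.conf").write_text(
            json.dumps({**HEAD, "name": "fw", **FIREWALL}))
        Path(chn, "10-bridge.conflist").write_text(json.dumps(
            {**HEAD, "name": "bridge-firewalld", "plugins": [BRIDGE, FIREWALL]}))
        return audit(sep), audit(chn)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real node, call `audit("/etc/cni/net.d")` to inspect the directory the answer writes to.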
