Data getting lost between Flannel and CNI.
Issue - I have a single master - single worker cluster built using two servers with RHEL 8.6, Kubernetes 1.23.7 and Flannel 1.1.0. An NGINX ingress controller is configured with NodePort on 30443. When trying to access a service using the port, it times out. The TCPDUMP log shows that data reaches Flannel on the worker node but does not reach the CNI on the same node. Though we are able to ping the Ingress Controller pod IP (running on the worker node) from the master node, the service request is unable to reach it.
Expected - The service request should reach the ingress controller on worker node without any issue.
Please note that both the servers are VMs configured on VMware.
Hey @schintalapudi I would like to work on this issue. Could you assign it to me and provide some info. This would be a great add-on for my academics.
@schintalapudi can you describe a bit more about your architecture on the node itself? If the data reaches the node via flannel but doesn't reach the Pod, then I'd suspect a misconfiguration of the CNI bits or the flannel config that creates the network itself.
What kind of node-local network are you using? Bridge? Are you using the CNI portmap plugin to expose pods to the outside network?
Is the traffic that lands on the node already DNAT-ed to the pod itself (since you say it's a service)?
Are you using the vxlan or host-gw backend? It is unclear from your message.