Robert Volkmann
```
Jul 15 16:30:12 fw kernel: nftables-metal-dropped: IN=vrf20 OUT=vlan104009 MAC=42:61:1b:94:d5:5b:02:42:ac:11:00:04:08:00 SRC=10.0.0.2 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=63395 DF PROTO=TCP SPT=46700 DPT=80 WINDOW=35840 RES=0x00 SYN URGP=0
```
`firewall-controller.service` and `droptailer.service` are in a crash loop.
I already switched to https://1.1.1.1 but it still doesn't work on the GitHub runners.
Accessing the internet from the machine works on the GitHub runner as well, but SSH login to the firewall still does not work.
The firewalls have an input chain allowing SSH access:
```
tcp dport ssh ct state new counter accept comment "SSH incoming connections"
```
instead of the input chain that is...
@majst01 Thanks for remaining on: It’s always MTU, unless it’s DNS.
@GrigoriyMikhalkin What is your opinion?
I tested performance between machines and observed no differences between macvtap and tc-redirect.
Maybe rename the role `leaf` to `cumulus`.
@vknabel Do want to support empty RegistryMirrors or not?
https://github.com/metal-stack/gardener-extension-provider-metal/blob/b38f4e809a4fd20ae5d0b48022f20784a1e32521/pkg/webhook/shoot/mutator.go#L170
https://github.com/metal-stack/gardener-extension-provider-metal/blob/b38f4e809a4fd20ae5d0b48022f20784a1e32521/pkg/webhook/controlplane/ensurer.go#L663