LoadBalancer service unable to reach external Endpoint #26515
Comments
The same situation with version 1.14.0-rc.0
Thanks for the issue. Are you saying that you are able to connect to the service from outside the cluster, but not able from inside the cluster?
I am able to connect from within the cluster as well as from the host network of the Kubernetes node. However, not from any other external device.
I think I found the issue. As can be seen from the Wireshark capture above the external endpoint's traffic is directly routed to the
Aha, so I think the failure is expected. What happens is that the external IP owner (
Would it be possible to add this special case to the hybrid mode and let the endpoint use SNAT?
Today, the hybrid mode is per L4 protocol (i.e., TCP / UDP), and not per service type / configuration. Feel free to create a CFP for the latter.
Is there an existing issue for this?
What happened?
I point a custom Endpoint to an external IP address and use a LoadBalancer service that is linked to this Endpoint. I expect to be able to reach the external service using the LoadBalancer IP address but am unable to connect. Strangely, I can connect to the external service using the LoadBalancer IP address from any node but not from outside the cluster.
Cilium Version
Client: 1.14.0-snapshot.4 6c8db75 2023-06-16T12:17:20-07:00 go version go1.20.5 linux/arm64
Daemon: 1.14.0-snapshot.4 6c8db75 2023-06-16T12:17:20-07:00 go version go1.20.5 linux/arm64
Kernel Version
6.1.21-v8+ aarch64 GNU/Linux
Kubernetes Version
v1.27.2+k3s1
Metallb Version
v0.13.10
Sysdump
cilium-sysdump-20230627-234741.tar.gz
The sysdump file extension had to be modified in order to upload to GitHub. Change it back to .tar.zst before attempting to unpack.
Relevant log output
Anything else?
I have switched the CNI plugin from tigera/calico and over there the aforementioned configuration was working fine.
Follow these steps to re-create the issue: