NodePort BPF service cannot be reached when L7 policy is applied / L7 visibility is enabled #8971
Labels
area/proxy
Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers.
kind/bug
This is a bug in the Cilium logic.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Milestone
A NodePort BPF service cannot be reached when:
Sending the request to a host which SNATs the request and forwards it to the destination host works as expected.
The request (TCP SYN) enters the relevant TPROXY rule at the receiving host, and then disappears:
The text was updated successfully, but these errors were encountered: