Maistra / MAISTRA-987

OCP 4.1+ use of nftables now prevents pod from reaching itself via localhost


    • Bug
    • Resolution: Won't Do
    • Minor
    • upstream

      When we switched to the use of nftables it appears that something changed in the way IP traffic is blocked inside the pod's network.

      Previously one could do:

      oc exec PODNAME -c CONTAINERNAME -- curl localhost:8080

      This now never returns. One must do:

      oc exec PODNAME -c istio-proxy -- curl localhost:8080

      However, many applications likely use localhost for various things, and multi-container-pods almost assuredly do this.
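
A timeout-bounded way to run the localhost check described above in every container of a pod, so a hanging probe is reported instead of blocking the terminal. This is an added example, not part of the original issue: it assumes `oc` is logged in to the cluster and that each container image includes `curl`; the function name `check_pod_localhost` is hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the issue report).
# Assumptions: `oc` is logged in, every container image ships `curl`,
# and 8080 is the port under test (the port used in the report).

# Print "<container> ok|timeout|fail(<rc>)" for each container in the pod.
# Usage: check_pod_localhost POD [PORT] [TIMEOUT_SECONDS]
check_pod_localhost() {
  local pod="$1" port="${2:-8080}" timeout="${3:-5}"
  local containers c rc

  # List the container names declared in the pod spec.
  containers=$(oc get pod "$pod" -o jsonpath='{.spec.containers[*].name}') || return 2

  for c in $containers; do
    rc=0
    # --max-time bounds the probe so a blocked connection cannot hang forever.
    oc exec "$pod" -c "$c" -- \
      curl -s -o /dev/null --max-time "$timeout" "localhost:$port" || rc=$?
    case "$rc" in
      0)  echo "$c ok" ;;
      28) echo "$c timeout" ;;      # curl exit code 28: operation timed out
      *)  echo "$c fail($rc)" ;;
    esac
  done
}

# Run only when invoked with arguments, e.g.: sh check.sh PODNAME 8080 5
if [ "$#" -gt 0 ]; then
  check_pod_localhost "$@"
fi
```

A `timeout` result for the application container next to `ok` for `istio-proxy` matches the behaviour reported in this issue.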

              Unassigned
              erikmjacobs Erik Jacobs