
Kubernetes network policy blocks traffic between nodes on AKS


Looks like you hit a known problem in AKS clusters v1.19+ around "Pod IP SNAT/Masquerade behavior".

How it affects clusters using Calico's plugin for Network Policies was explained there by other users:

Just for the information of other users, this issue causes problems for a NetworkPolicy with podSelector configs: the policy is set by Calico in iptables based on the ipset of the pods, but the source IP of the packet is set to the node IP, so even packets that are supposed to be allowed will be dropped.

Please read more about this problem in GitHub issue #2031, along with the hard fix (node image upgrade) or the workaround (run a DaemonSet that creates an SNAT exemption in iptables).
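To make the failure mode described in the answer concrete, here is an added, simplified Python model (not code from the post, AKS or Calico) of how a podSelector rule resolves to an ipset of pod IPs and why a cross-node packet whose source was masqueraded to the node IP no longer matches, while exempting the pod CIDR from SNAT restores the match. The node IPs, pod IPs, labels and CIDRs are constructed values.

```python
import ipaddress

# Constructed two-node cluster: node IPs, pod placement and pod labels.
NODE_IPS = {"node-a": "10.240.0.4", "node-b": "10.240.0.5"}
POD_IPS = {
    "frontend-1": ("node-a", "10.244.0.12"),
    "backend-1": ("node-b", "10.244.1.7"),
    "backend-2": ("node-a", "10.244.0.30"),
}
POD_LABELS = {
    "frontend-1": {"app": "frontend"},
    "backend-1": {"app": "backend"},
    "backend-2": {"app": "backend"},
}


def selector_ipset(match_labels):
    """Resolve a podSelector to the set of pod IPs it matches (what the
    iptables ipset ends up containing in this simplified model)."""
    return {
        ip for name, (_, ip) in POD_IPS.items()
        if all(POD_LABELS[name].get(k) == v for k, v in match_labels.items())
    }


def arriving_source_ip(src_pod, dst_pod, snat_exempt_cidrs):
    """Source IP the packet carries when it reaches the destination node.
    Traffic leaving a node is masqueraded to the node IP unless the
    destination falls inside an SNAT-exempt CIDR (the workaround)."""
    src_node, src_ip = POD_IPS[src_pod]
    dst_node, dst_ip = POD_IPS[dst_pod]
    if src_node == dst_node:
        return src_ip  # same-node traffic never leaves the node, no SNAT
    dst = ipaddress.ip_address(dst_ip)
    if any(dst in ipaddress.ip_network(c) for c in snat_exempt_cidrs):
        return src_ip
    return NODE_IPS[src_node]


def ingress_allowed(src_pod, dst_pod, from_pod_selector, snat_exempt_cidrs=()):
    """Evaluate an ingress rule `from: - podSelector: {matchLabels: ...}`
    on the destination node against the source IP actually seen there."""
    allowed_ips = selector_ipset(from_pod_selector)
    return arriving_source_ip(src_pod, dst_pod, snat_exempt_cidrs) in allowed_ips
```

With no exemption the cross-node packet arrives from 10.240.0.4, which is not in the ipset, so it is dropped; with the pod CIDR exempted it arrives from 10.244.0.12 and is allowed.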