Cilium connectivity test fails on Fargate nodes

[fe-ax]

Bug report

Connectivity test fails on Fargate nodes due to not having the nodePort opened.

Example:

  ❌ host-entity-egress/pod-to-host/ping-ipv4-internal-ip: cilium-test/client2-5696665676-qfpmd (10.2.191.219) -> 10.2.46.18 (10.2.46.18:0)
  ❌ host-entity-egress/pod-to-host/ping-ipv4-internal-ip: cilium-test/client2-5696665676-qfpmd (10.2.191.219) -> 10.2.84.9 (10.2.84.9:0)
  ❌ host-entity-egress/pod-to-host/ping-ipv4-internal-ip: cilium-test/client3-6786f98c69-l9tc6 (10.2.140.51) -> 10.2.193.129 (10.2.193.129:0)
  ❌ host-entity-egress/pod-to-host/ping-ipv4-internal-ip: cilium-test/client3-6786f98c69-l9tc6 (10.2.140.51) -> 10.2.46.18 (10.2.46.18:0)
  ❌ host-entity-egress/pod-to-host/ping-ipv4-internal-ip: cilium-test/client3-6786f98c69-l9tc6 (10.2.140.51) -> 10.2.84.9 (10.2.84.9:0)
  ❌ host-entity-egress/pod-to-host/ping-ipv4-internal-ip: cilium-test/client3-6786f98c69-l9tc6 (10.2.140.51) -> 10.2.126.44 (10.2.126.44:0)

Node list:

fargate-ip-10-2-126-44.eu-central-1.compute.internal    Ready    <none>   3h8m   v1.29.0-eks-680e576
fargate-ip-10-2-193-129.eu-central-1.compute.internal   Ready    <none>   20h    v1.29.0-eks-680e576
fargate-ip-10-2-46-18.eu-central-1.compute.internal     Ready    <none>   20h    v1.29.0-eks-680e576
fargate-ip-10-2-84-9.eu-central-1.compute.internal      Ready    <none>   3h8m   v1.29.0-eks-680e576
ip-10-2-160-121.eu-central-1.compute.internal           Ready    <none>   121m   v1.29.1-eks-61c0bbb
ip-10-2-168-124.eu-central-1.compute.internal           Ready    <none>   123m   v1.29.1-eks-61c0bbb

General Information

• Cilium CLI version (run cilium version)

  cilium-cli: v0.16.7 compiled with go1.22.2 on linux/amd64
  cilium image (default): v1.15.4
  cilium image (stable): v1.15.4
  cilium image (running): 1.15.4

• Orchestration system version in use (e.g. kubectl version, ...)

  Client Version: v1.29.2
  Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
  Server Version: v1.29.3-eks-adc7111

• Platform / infrastructure information (e.g. AWS / Azure / GCP, image / kernel versions) AWS
• Link to relevant artifacts (policies, deployments scripts, ...)
• Generate and upload a system zip: cilium sysdump

How to reproduce the issue

1. Run a node in Fargate, like CoreDNS with EKS config:

  cluster_addons = {
    coredns = {
      addon_version = "v1.11.1-eksbuild.9"
      configuration_values = jsonencode({
        computeType = "Fargate"
        resources = {
          limits = {
            cpu = "0.25"
            memory = "256M"
          }
          requests = {
            cpu = "0.25"
            memory = "256M"
          }
        }
      })
    }
  }

2. Run connectivity test

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.