Container networking broken after Windows Server 2022 July 2024 / KB5040437 (OS Build 20348.2582) update - Githubissues

projectcalico / calico

Cloud native networking and network security

https://docs.tigera.io/calico/latest/about/

Apache License 2.0

5.87k stars 1.31k forks source link

Container networking broken after Windows Server 2022 July 2024 / KB5040437 (OS Build 20348.2582) update #9019

Open avin3sh opened 1 month ago

avin3sh commented 1 month ago

Expected Behavior

I should be able to ping or curl from within the pod without receiving General failure errors.

Current Behavior

ping 1.1.1.1 returns General failure when the Pod is running on a Windows worker with KB5040437 applied

Steps to Reproduce (for bugs)

Setup the Windows Worker as usual, per doc. I use dVXLAN.
Schedule a Pod on the Windows Worker, I used mcr.microsoft.com/dotnet/samples:aspnet image
Expose the Pod through a Service - pod is unreachable
Exec into the pod and try ping 8.8.8.8 or curl a network URI - both fail

Context

This breaks critical networking fuctionality from within the Pod and the Pod is unreachable from the outside.

Your Environment

Calico version: 3.28.0
Orchestrator version: Kubernetes 1.27.15
Operating System and version: Windows Server 2022

coutinhop commented 1 month ago

There's currently a known issue going on with this Windows update KB5040437 (not caused by Calico): https://github.com/microsoft/Windows-Containers/issues/516 https://github.com/kubernetes/test-infra/pull/33042