Closed linyinli closed 3 years ago
This is my pods list: nginx pod IP 10.42.0.36 alpine pod IP 10.42.1.28
There is my curl record: I exec into alpine and curl the nginx pod IP, the result of curl is normal when nginx pod exists, and it return "Operation timed out" after I deleted the nginx pod.
When the nginx pod exists and I curl the nginx pod IP, tcpdump cannot capture 10.42.1.28 traffic on the host eth0 nic.
When the nginx pod not exists and I curl the nginx pod IP again, tcpdump can capture 10.42.1.28 traffic on the host eth0 nic.
If you want those blackhole routes, you probably need to either raise an issue with flannel itself (who is responsible for programming of the routes) or just use Calico VXLAN which recently added support for programming those blackhole routes.
This repository isn't maintained any more, and the Calico / flannel integration is instead maintained at github.com/projectcalico/calico
Expected Behavior
Pod traffic does not go out of the host.
Current Behavior
Pod traffic was going out of the host.
Possible Solution
Fix it.
Steps to Reproduce (for bugs)
Context
Unlike Calico, Canal did not add blackhole route, is the blackhole route not added because it will affect the working of Canal?
Pod traffic should never go out. We have an issue by use Cicso ACI SDN. It caused a cyber storm.
Your Environment
https://github.com/projectcalico/calico/issues/4362 https://github.com/projectcalico/calico/issues/3498