wqld / sinabro

Sinabro is a networking solution for Kubernetes that leverages eBPF to provide high-performance networking and security features
Apache License 2.0

CoreDNS pod on worker node unable to reach API server on control plane #44

Open wqld opened 3 weeks ago

wqld commented 3 weeks ago

The CoreDNS pod deployed on a worker node cannot reach the Kubernetes API server on the control plane.

  1. CoreDNS attempts to call the API server service (10.96.0.1).
  2. The request is DNAT’d by iptables to 172.18.0.3:6443.
  3. The packet routes from the container’s eth0 to the host’s cni0.
  4. VXLAN encapsulates the packet, but continuous retransmissions occur (`172.18.0.3 → 10.244.1.4 TCP [TCP Retransmission] 6443 → 40334 [SYN, ACK]`).

wqld commented 3 weeks ago

It needs the ability to handle ClusterIP. It seems that implementing service communication without relying on kube-proxy might resolve the issue.