No public internet access from pod?

Hi there,

I’m running

# k3s -v
k3s version v1.22.7+k3s1 (8432d7f2)
go version go1.16.10


# cat /etc/os-release
VERSION="20.04.4 LTS (Focal Fossa)"
PRETTY_NAME="Ubuntu 20.04.4 LTS"

running AWX based on this guide: Install AWX on K3S - Bitbull Wiki

The application is running fine and I can log in to the web interface, but when I trigger an action that accesses the internet (a git checkout in this case) I get a connection error after a timeout of 90 seconds:

Failed to connect to port 443: Connection timed out

I can access the repository URL from the host / node with the command line web browser links without issues and there is no firewall enabled on the host.

Any idea what may cause this issue?

I tried to dig into this issue a little more and entered the container and ran this command:

# curl
curl: (7) Failed to connect to port 443: Connection timed out

Unfortunately there are no tools like route, netstat and not even ping available in the container.

Any hint on this issue would be greatly appreciated.

This issue was solved in an issue discussion, see: Can't reach internet from pod / container · Issue #5349 · k3s-io/k3s · GitHub

Summary: The default port range for outgoing connections is 32768 to 60999 and there was a default firewall rule allowing TCP packets with the ACK flag from within this range.
Since k3s uses all possible ports for outgoing connections, some of them were below 32768 and the reply packets were blocked by the firewall.
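
The mismatch described in the summary can be checked on a node by comparing the post-NAT source port of each pod connection against the port range the firewall rule permits. The following is an added example, not part of the original posts or of k3s; the conntrack lines are constructed sample data in `conntrack -L` format, and the function names are hypothetical.

```python
import re

# Range from the summary above: the default ephemeral port range that the
# firewall's "allow TCP with ACK flag" rule covered.
ALLOWED_RANGE = (32768, 60999)

# Constructed sample input (documentation address ranges, not real hosts).
# The second tuple on each line is the reply direction; its dport is the
# source port the node chose after NAT.
SAMPLE_CONNTRACK = """\
tcp      6 118 SYN_SENT src=10.42.0.12 dst=198.51.100.7 sport=40112 dport=443 [UNREPLIED] src=198.51.100.7 dst=192.0.2.10 sport=443 dport=1734 mark=0 use=1
tcp      6 431990 ESTABLISHED src=10.42.0.12 dst=198.51.100.7 sport=40114 dport=443 src=198.51.100.7 dst=192.0.2.10 sport=443 dport=45021 [ASSURED] mark=0 use=1
tcp      6 117 SYN_SENT src=10.42.0.15 dst=198.51.100.9 sport=51822 dport=443 [UNREPLIED] src=198.51.100.9 dst=192.0.2.10 sport=443 dport=61544 mark=0 use=1
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_range(text):
    """Parse the contents of /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = text.split()
    return int(low), int(high)


def blocked_replies(conntrack_text, allowed=ALLOWED_RANGE):
    """Return TCP flows whose post-NAT source port is outside `allowed`.

    Replies to these flows arrive on a port the stateless rule does not
    cover, so the connection stays in SYN_SENT until the client times out.
    """
    findings = []
    for line in conntrack_text.splitlines():
        tuples = TUPLE_RE.findall(line)
        if not line.startswith("tcp") or len(tuples) != 2:
            continue
        (pod_ip, dst_ip, _, dst_port), (_, _, _, nat_port) = tuples
        nat_port = int(nat_port)
        if not allowed[0] <= nat_port <= allowed[1]:
            findings.append({"pod": pod_ip, "dst": f"{dst_ip}:{dst_port}",
                             "nat_port": nat_port,
                             "unreplied": "[UNREPLIED]" in line})
    return findings


if __name__ == "__main__":
    for finding in blocked_replies(SAMPLE_CONNTRACK):
        print(finding)
```
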