Hi
I am seeing a weird issue on one of my test clusters set up with RKE2. I created a hello-world deployment for testing (kubectl apply -f https://k8s.io/examples/service/load-balancer-example.yaml) and exposed the service: kubectl expose deployment hello-world --type='NodePort'.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-world NodePort 10.43.235.118 <none> 8080:31742/TCP 36m
Connecting to the node where the pod is running on port 31742 works fine. Once I change the externalTrafficPolicy to Local (Cluster being the default), however, I cannot connect anymore. I inserted a TRACE rule in iptables on the node in question, and I can see that the iptables chain ends with the rule that states:
9 DROP all -- anywhere anywhere /* cali:Zyj_kJENCi2nsjer */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
From my understanding that setup should work, but somehow changing the externalTrafficPolicy breaks my service.