I'm experiencing a strange connectivity problem in GKE Autopilot and I'm not sure if it's a Google Kubernetes issue specifically. Here's my setup:
- Node A has the primary pod range.
- Node B has an additional pod range.
- On Node A, I have Pod A1 and Pod A2 with a service called SA2.
- On Node B, there are Pod B1 and Pod B2 with a service named SB2.
Here are the connectivity results:
- A1 can access SA2, which works fine.
- However, B1 cannot reach SB2, which is puzzling given they're on the same node.
- A1 can connect to SB2 without issues.
- Interestingly, B1 is able to access SA2 just fine.
Why is it that B1 can't connect to SB2 while all these pods are on the same node and using the additional pod range? They're all using minimal curl or traefik/whoami images. Any insights would be greatly appreciated!
3 Answers
One thing to check is your CIDR ranges. If they’re not configured correctly, that could lead to connectivity issues. Just curious, what are your CIDR ranges?
I had a similar issue that turned out to be related to the egress NAT policy. GKE Autopilot doesn't automatically add additional ranges to that policy, which can affect pod communication. You might want to look into that as a potential root cause! Here’s a link to the documentation: https://docs.cloud.google.com/kubernetes-engine/docs/how-to/egress-nat-policy-ip-masq-autopilot
It sounds like there might be a couple of things going on. You could be missing a network route or perhaps some network policies are blocking traffic. Also, if you're using Traefik, there could be a misconfiguration. I mainly work with Cilium, but I’d look into that if I were you.
I think I’ve checked those aspects, but I’ll definitely revisit them after the holidays. It really seems like it’s an issue with direct pod-to-pod communication, not a DNS or service issue.
They are set to 100.x.y.z/22. If you have any hints based on that, I’d really appreciate it!