-
Notifications
You must be signed in to change notification settings - Fork 737
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RP filter isn't updated to loose when using centos 7 #212
Comments
@lnr0626 I'm hitting the same problem testing the same scenario. @liwenwu-amazon I can provide |
My current fix is to update my userdata script to detect the primary interface and set the rp filter to loose for the primary interface on startup - I pretty much just added |
Hmm, that doesn't resolve the problem for me (in fact the value was already |
Hi. |
@perbly my guess is that the version of debian you used hadn't switched to using predictable network interface names yet and is still using the old method of enumerating the devices, and so the primary interface name was still |
@lnr0626 the interface name is eth0 on both debian and amz linux. |
after some further testing, it appears that that doesn't actually fix the issue on centos 7 |
@lnr0626 What instance type are you using? |
@ewbankkit we're using m5.xlarge instances currently |
Fixed by #271 |
I'm using a centos 7 based AMI for EKS, and created a new cluster to test out the external config that was merged in with #165. The pods I created in this cluster weren't able to communicate with any services within kubernetes (i.e. the kubernetes service in the default namespace, kube-dns, etc.). After doing some investigation, I found that the reverse path filter for the primary interface was still set to strict. After updating this to loose, the cluster worked as expected.
I see there's code to update this to loose when node port support is enabled, however this does not seem to be working as expected.
The text was updated successfully, but these errors were encountered: