flannel. what we noticed is that the iptables FORWARD chain has a default policy of DROP. If we changes this default policy to ACCEPT then things started working. now sure how/why the default policy was DROP or if multus should have modified this on deploy.
b
bland-account-99790
05/15/2023, 4:30 PM
Multus does not modify anything in the CNI plugin configuration. It is just a multiplexer that tricks Kubernetes into thinking that there is only one CNI plugin, even though there are more than one
bland-account-99790
05/15/2023, 4:31 PM
Flannel includes an instruction that adds `ACCEPT`to iptables FORWARD chain, so it should work 🤔