Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
a
acoustic-sunset-13848
05/09/2023, 7:39 PMHello. I am having trouble getting k3s + multus to pass traffic. i have modified the multis-daemonset deployment and the pods come up with IP addresses on the secondary network. traffic seems to be hitting the bridge that is created, but traffic doesn’t seem to get to the other pod. is there a system setting i am missing. i feel like it must be something obvious, but not sure what
b
bland-account-99790
05/11/2023, 3:11 PMwhat is your secondary CNI plugin?
🎯 1
a
acoustic-sunset-13848
05/15/2023, 1:14 PMflannel. what we noticed is that the iptables FORWARD chain has a default policy of DROP. If we changes this default policy to ACCEPT then things started working. now sure how/why the default policy was DROP or if multus should have modified this on deploy.
b
bland-account-99790
05/15/2023, 4:30 PMMultus does not modify anything in the CNI plugin configuration. It is just a multiplexer that tricks Kubernetes into thinking that there is only one CNI plugin, even though there are more than one
Flannel includes an instruction that adds `ACCEPT`to iptables FORWARD chain, so it should work 🤔