rapid-tailor-25200

09/18/2023, 2:25 PM
I have an issue loading the neuvector UI when I'm using the containerd runtime. This is my setup:
- 2 EKS clusters.
- One with docker runtime (v1.23) and another with containerd runtime (v1.26).
- Same kubernetes yaml files were used to install neuvector.
All pods are up and running. No error found in pod logs. Manager can reach controller when tested using wget.
- Port is listening for all connections, confirmed through netstat.
I'm able to load the UI of the one with docker runtime, but unable to load the UI from the containerd-based cluster. Port-forward returns "connection reset by peer". I can wget from within the container after exec-ing into it, but not from another container in the same namespace (the connection gets established but then it hangs).
To test this I installed Rancher Desktop and reproduced the same behavior by changing the container runtime through settings and deploying through helm (by selecting the appropriate runtime). I see the same issue here too.
-- Works fine when the docker runtime is selected.
-- UI doesn't load when k3s containerd is selected (all pods are up and running).
The only difference I could find is that the port is bound to IPv4 in the case of the docker runtime, while it is bound to both in the case of the containerd setup (same for both Rancher and EKS setups).
With containerd runtime (UI doesn't load):
$ netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 :::8443                 :::*                    LISTEN      1/qemu-x86_64
With docker runtime (UI loads fine):
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1/qemu-x86_64
The ports are reachable outside the container. When I do a wget from a different container the netstat shows the TCP connection as ESTABLISHED, but the manager's 8443 port doesn't seem to be responding properly. kubectl port-forwarding exits as soon as a connection attempt is made. I'm sure I'm missing something very simple, but I've been looking in the docs and could not find any config change other than the volume mount. Has anyone seen this? Any lead or suggestion would be helpful. Thanks!
acoustic-sugar-94270

09/20/2023, 1:30 PM
you said Same kubernetes yaml files were used to install neuvector… How is that possible if you are installing NV into 2 clusters where 1 is docker runtime and the 2nd is containerd runtime. You would have had to change the yaml for containerd volumeMounts for containerd.sock?
rapid-tailor-25200

09/20/2023, 3:14 PM
@acoustic-sugar-94270 thanks for checking this. I mentioned that briefly in the post:
To test this I installed rancher desktop. And reproduced the same behavior by changing container run time through settings and deploying through helm (by selecting appropriate run time).
Basically I was using helm. The only change is overriding the containerd part to True in the Values.