I installed a cluster with two machines (master and worker) and Flannel for networking.
I created a deployment with a service (NodePort). But this service is from outside only reachable via the worker node IP, when I connect to the master IP the connection times out. But when I set the Iptables Policy from the Forward Chain from Drop to Accept (iptables -P FORWARD ACCEPT) it works.
I’ve set the iptables to iptables-legcay as recommended in another thread (update-alternatives --set iptables /usr/sbin/iptables-legacy).
Does anyone has a idea why this forwarding does not work with the policy set to drop? I don’t want to leave it as ACCEPT for security reasons.
Thank you in advance!
Kubernetes version: 1.18.2
Cloud being used: bare-metal
Installation method: package
Host OS: Debian 10 Buster
CNI and version: Flannel 0.12.0
CRI and version: Docker CE 5:19.03.8~3-0~debian-buster