I am using https://github.com/projectcalico/calico/blob/master/manifests/calico-policy-only.yaml to install calico via helm chart.
I have service_cidr = 10.251.0.0/16 and pod_cidr = 10.254.0.0/16.
I have a pod trying to reach out to 10.251.0.1:443 (I have a netpol that allows egress to this CIDR on any port):
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: pod-egress-to-k8s-services
spec:
  podSelector:
    matchLabels:
      name: pod
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 10.251.0.0/16
```
But my pod is failing to reach the api-server at 10.251.0.1:443. What could be the reason?
Things I've done:
- Tried replacing CALICO_IPV4POOL_CIDR with service cidr instead of pod cidr.
- Added service_cidr in the calico-config.
But still my pod is failing to reach the api-server when using the CIDR (10.251.0.0/16). If I give the api-server external IP running at 6443, it works fine.