I need to get access from a pod to servers in the same subnet as the nodes of the Kubernetes cluster (10.10.11.x), for example, to my GitLab server. I can ping only the k8s nodes from pods. From a cluster node, the IP address of my GitLab server is available: I can ping, curl and nslookup it, but from the pods I get a timeout error when trying to run ping or curl. But nslookup works and can resolve the IP address from pods. Also, I can ping and curl an IP address like google.com without problems. I don't have any network policies configured, and the firewall is disabled on the nodes and on my GitLab server. I use Kubernetes 1.26 and Calico 3.25. I have the same problem with all external servers in my subnet: they are available from the k8s nodes but not from pods. I've been struggling with this problem for a long time and I have run out of ideas.
1) I tried to apply NetworkPolicies to allow access to the GitLab servers. But it doesn't help: I can disable all traffic to the internet, but cannot open access to IPs 10.10.11.x. Like this one:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-access-to-all
  namespace: gitlab
spec:
  podSelector:
    matchLabels:
      app: gitlab-runner
  policyTypes:
    - Ingress
    - Egress
  egress:
    - to: []
      ports:
        - protocol: TCP
          port: 80
        - protocol: TCP
          port: 443
        - protocol: UDP
          port: 53
```
2) I tried to create Endpoints and Services for GitLab, but it also doesn't help:
```yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: gitlab-server
  namespace: gitlab
subsets:
  - addresses:
      - ip: 10.10.11.2
    ports:
      - port: 80
---
apiVersion: v1
kind: Service
metadata:
  name: gitlab-server
  namespace: gitlab
spec:
  ports:
    - port: 80
      targetPort: 80
```
3) I tested my Calico networking using this guide and everything looks good.
4) I checked the operation of my k8s cluster, but didn't find any problems.