Unable to ping TKGs worker nodes after TKr v1.25.7

Article ID: 402757

Products

VMware vSphere Kubernetes Service, VMware vCenter Server

Issue/Introduction

Pinging a TKC worker node fails from Supervisor nodes, from other worker nodes, and so on.

Environment

vSphere TKr >= v1.25.7

Cause

STIG hardening was implemented in TKrs starting from v1.25.7. This disables ICMP on worker nodes.

* Tanzu STIG Hardening Reports - GitHub
https://github.com/vmware/dod-compliance-and-automation/tree/master/vsphere/8.0/docs/reports

Resolution

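To enable ICMP on a worker node, insert an iptables rule on that node that accepts ICMP arriving on eth0. The rule below goes at the top of the INPUT chain and matches ICMP from any source (-s 0/0) to any destination (-d 0/0):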

iptables -I INPUT -i eth0 -p icmp -s 0/0 -d 0/0 -j ACCEPT
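
A narrower form of the rule above, as an added example that is not part of the original article: it accepts only ICMP echo-request from one source CIDR instead of all ICMP from 0/0, and checks with `iptables -C` first so repeated runs do not stack duplicate rules. The function names, the `IPT` override variable and the `--apply` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the KB article): scoped, idempotent ICMP allow rule.
# IPT is an assumed override hook; it defaults to the real iptables binary.
IPT="${IPT:-iptables}"

# is_ipv4_cidr CIDR: succeed only for a.b.c.d/len with octets <= 255, len <= 32.
is_ipv4_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}
    len=${1#*/}
    case "$len" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$len" -le 32 ] || return 1
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# allow_icmp_echo SRC_CIDR [IFACE]: accept ping requests from SRC_CIDR only.
allow_icmp_echo() {
    src=$1
    iface=${2:-eth0}
    is_ipv4_cidr "$src" || { echo "invalid source CIDR: $src" >&2; return 2; }
    # -C exits 0 when an identical rule already exists in the chain.
    if $IPT -C INPUT -i "$iface" -p icmp --icmp-type echo-request \
            -s "$src" -j ACCEPT 2>/dev/null; then
        return 0
    fi
    $IPT -I INPUT -i "$iface" -p icmp --icmp-type echo-request \
        -s "$src" -j ACCEPT
}

# Runs only when invoked as: sh allow-icmp.sh --apply <CIDR> [iface]
if [ "${1:-}" = "--apply" ]; then
    allow_icmp_echo "${2:-}" "${3:-eth0}"
fi
```

Rules inserted this way live only in the running kernel's tables and are lost when the node reboots unless they are saved.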