IBM Cloud Docs
Why am I seeing egress connection failures from pods?

Virtual Private Cloud Gen 2

Egress connections from pods in your Red Hat OpenShift on IBM Cloud version 4.11 are failing.

If you have a LoadBalancer in your cluster of type NLB with the annotation service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "nlb" and are running Red Hat OpenShift on IBM Cloud version 4.11 or earlier, then your pod-network pod egress connections might infrequently choose one of the NodePorts that your NLB is using, which creates a conflict and causes that egress connection to fail.

Update the pod natPortRange in Calico to 32768 - 65535 so it doesn't conflict with the NodePort range of 30000 - 32767.

Run the following command to patch the Calico natPortRange. This change takes effect immediately.

calicoctl patch felixconfiguration default --patch '{"spec":{"natPortRange": "32768:65535"}}'

Check whether the egress connections for pods are successful. If the issue persists, contact support. Open a support case. In the case details, be sure to include any relevant log files, error messages, or command outputs.
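
To confirm that the patch took effect, the following added example (not part of the original IBM Cloud documentation) reads natPortRange from FelixConfiguration YAML and checks it against the NodePort range of 30000 - 32767. The function names and the sample YAML are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that Calico's natPortRange does not overlap the NodePort range.
NODEPORT_MIN=30000
NODEPORT_MAX=32767

# Extract spec.natPortRange from FelixConfiguration YAML on stdin.
# Prints the value (for example "32768:65535"), or nothing when the field is absent.
extract_nat_port_range() {
    sed -n 's/^[[:space:]]*natPortRange:[[:space:]]*//p' | tr -d "\"' " | head -n 1
}

# check_nat_port_range RANGE
# Returns 0 = no overlap, 1 = overlap with NodePorts, 2 = unset or unparseable.
check_nat_port_range() {
    range=$1
    if [ -z "$range" ]; then
        echo "UNSET: natPortRange is not configured, the patch has not been applied"
        return 2
    fi
    case $range in
        *:*) start=${range%%:*}; end=${range##*:} ;;
        *)   start=$range; end=$range ;;   # a single port instead of a range
    esac
    for port in "$start" "$end"; do
        case $port in
            ''|*[!0-9]*) echo "INVALID: cannot parse '$range'"; return 2 ;;
        esac
    done
    # Two ranges overlap when each one starts before the other one ends.
    if [ "$start" -le "$NODEPORT_MAX" ] && [ "$end" -ge "$NODEPORT_MIN" ]; then
        echo "CONFLICT: $start-$end overlaps NodePort range $NODEPORT_MIN-$NODEPORT_MAX"
        return 1
    fi
    echo "OK: $start-$end does not overlap NodePort range $NODEPORT_MIN-$NODEPORT_MAX"
    return 0
}

# Constructed sample of FelixConfiguration YAML after the patch (not real cluster output).
SAMPLE_PATCHED='apiVersion: projectcalico.org/v3
kind: FelixConfiguration
metadata:
  name: default
spec:
  natPortRange: 32768:65535'

# On a live cluster:
#   check_nat_port_range "$(calicoctl get felixconfiguration default -o yaml | extract_nat_port_range)"
```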