using multus nginx pod can not connected

[13567436138]

What happend:

cat <<EOF | kubectl apply -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan-conf
spec:
  config: '{
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "ens33",
      "mode": "bridge",
      "ipam": {
        "type": "host-local",
        "subnet": "192.168.229.0/24",
        "rangeStart": "192.168.229.200",
        "rangeEnd": "192.168.229.216",
        "routes": [
          { "dst": "0.0.0.0/0" }
        ],
        "gateway": "192.168.229.2"
      }
    }'
EOF

cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
  name: samplepod
  annotations:
    k8s.v1.cni.cncf.io/networks: macvlan-conf
spec:
  containers:
    - name: nginx-container
      image: nginx:latest
      ports:
        - containerPort: 80
      volumeMounts:
        - name: nginx-storage
          mountPath: /usr/share/nginx/html
  volumes:
    - name: nginx-storage
      emptyDir: {}
EOF

root@k8s-master01:~# kubectl get pod -owide
NAME                        READY   STATUS    RESTARTS      AGE     IP              NODE           NOMINATED NODE   READINESS GATES
nginxweb-7db59bb6df-bc8sx   1/1     Running   2 (17m ago)   26h     10.244.79.107   k8s-worker01   <none>           <none>
nginxweb-7db59bb6df-s2kh8   1/1     Running   2 (18m ago)   26h     10.244.69.248   k8s-worker02   <none>           <none>
rating                      2/2     Running   4 (18m ago)   22h     10.244.69.246   k8s-worker02   <none>           <none>
samplepod                   1/1     Running   0             2m45s   10.244.79.111   k8s-worker01   <none>           <none>
shared-volume-pod           2/2     Running   2 (17m ago)   22h     10.244.79.108   k8s-worker01   <none>           <none>

root@k8s-master01:~# ping 10.244.79.111
PING 10.244.79.111 (10.244.79.111) 56(84) bytes of data.
64 bytes from 10.244.79.111: icmp_seq=1 ttl=64 time=0.644 ms
64 bytes from 10.244.79.111: icmp_seq=2 ttl=64 time=0.332 ms
64 bytes from 10.244.79.111: icmp_seq=3 ttl=64 time=0.369 ms
^C
--- 10.244.79.111 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2042ms
rtt min/avg/max/mdev = 0.332/0.448/0.644/0.139 ms
root@k8s-master01:~# curl 10.244.79.111
^C
root@k8s-master01:~# curl 10.244.79.111:80

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

• Multus version thick
  image path and image ID (from 'docker images')
• Kubernetes version (use kubectl version):1.31.1
• Primary CNI for Kubernetes cluster:calico
• OS (e.g. from /etc/os-release):ubuntu2404
• File of '/etc/cni/net.d/'
• File of '/etc/cni/multus/net.d'
• NetworkAttachment info (use kubectl get net-attach-def -o yaml)
• Target pod yaml info (with annotation, use kubectl get pod <podname> -o yaml)
• Other log outputs (if you use multus logging)

[dougbtv]

If you can get a ping, but not a curl, it's probably something underlying, like... is nginx listening on the right IPs? do a tcpdump on both ends