u/sandymaurya

Need help debugging OCI + K3s networking issue.

Setup:

  • Oracle Cloud Free Tier (Ampere A1 Flex, Ubuntu)
  • K3s with default Traefik ingress
  • Public subnet
  • UFW allows 80/443 + NodePort range
  • Traefik service:
    • 80 -> NodePort 42199
    • 443 -> NodePort 42645

What works:

  • Ingress works internally
  • curl -H "Host: app.example.internal" http://localhost:31339 returns nginx page
  • NodePort works locally on VM
  • Pods/services/ingress all healthy

What does NOT work:

  • curl http://<public-ip>
  • curl http://<public-ip>:42199

Both time out externally.

Debugging done:

  • tcpdump -i any port 80 shows NO inbound external packets
  • nc -l 8080 on VM also receives nothing externally
  • Security List has ingress rules for 80/443
  • VM is in public subnet
  • Route table has Internet Gateway

This makes me think OCI networking is blocking traffic before it reaches the VM.

Could this be:

  • NSG overriding Security List?
  • Wrong VNIC/subnet attachment?
  • OCI Free Tier networking quirk?
  • Something specific to K3s servicelb?

Would appreciate guidance from anyone running K3s/Kubernetes on OCI Free Tier.

u/sandymaurya — 3 days ago
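
One way to test the Security List / NSG hypothesis offline is to evaluate the exported ingress rules against the exact ports being curled (80, 443 and NodePort 42199). This is an added example, not part of the original post. The rules are constructed sample data, and the key names assume the JSON shape printed by `oci network security-list get` and `oci network nsg rules list`.

```python
import ipaddress

# Constructed sample data. Key names follow the JSON printed by
# `oci network security-list get` / `oci network nsg rules list` (assumed shape).
SECURITY_LIST = [
    {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": p, "max": p}}}
    for p in (22, 80, 443)
]
NSG_RULES = [
    {"direction": "INGRESS", "protocol": "6", "source": "203.0.113.0/24",
     "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 42199, "max": 42199}}},
    {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0"},
]

def rule_admits(rule, src_ip, port):
    """True if one ingress rule allows TCP from src_ip to port."""
    if rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if rule.get("protocol") not in ("6", "all"):  # "6" is TCP
        return False
    if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False  # service-CIDR sources are not public clients
    net = ipaddress.ip_network(rule["source"], strict=False)
    if ipaddress.ip_address(src_ip) not in net:
        return False
    # No tcp-options means the rule covers every destination port.
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    return rng is None or rng["min"] <= port <= rng["max"]

def admitted(src_ip, port, *rule_sets):
    """OCI evaluates security lists and NSGs as a union: any match allows."""
    return any(rule_admits(r, src_ip, port) for rs in rule_sets for r in rs)

def audit(src_ip, ports, *rule_sets):
    """Map each port to whether src_ip is allowed to reach it."""
    return {p: admitted(src_ip, p, *rule_sets) for p in ports}

if __name__ == "__main__":
    for src in ("198.51.100.9", "203.0.113.7"):
        print(src, audit(src, (80, 443, 42199), SECURITY_LIST, NSG_RULES))
```

Because the two rule sources are additive, a port that shows `False` here is not opened by either one; a port that shows `True` while tcpdump still sees nothing points away from the rule content and toward which subnet, VNIC or public IP the rules are actually attached to.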