Following scenario: I have a Git server (Gitea) and Drone on the same host running with Rancher. One loadbalancer (haproxy) in front of everything which routes based on domains and handles SSL termination.
Drone's spawned containers cannot access the public-facing services (made public by Rancher's loadbalancer) when trying to access the public domain/IP of the server, however they have internet access and can reach the server via ping. DNS doesn't seem to be the issue.
The build fails on the first step (clone) with a timeout.
Doing a scan with nmap from inside one of these containers gets me the following result:

Host is up (0.00013s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE    VERSION
80/tcp   filtered http
111/tcp  open     rpcbind    2-4 (RPC #100000)
443/tcp  filtered https
8080/tcp open     tcpwrapped
The interesting part is ports 80/443, these are the two ports handled by the Rancher loadbalancer. Doing curl on them from inside a Drone build container results in a timeout.
I also tried manually running a container on the host (outside of Rancher); within this I can access everything perfectly normally.
After digging a bit, I think this is probably an issue with Rancher's iptables configuration, I think it would explain why I could ping the host but can't access services provided by its loadbalancer.
I also created an issue on the rancher repo: https://github.com/rancher/rancher/issues/11288
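As an added example (not part of the post above and not Rancher or Drone code), the following Python parses an nmap port table like the one quoted in the post and separates the ports that are expected to be reachable from those that are not. The distinction that matters for this kind of diagnosis is the nmap state: "closed" means the host answered with a RST (nothing listening), while "filtered" means no answer came back at all, which on ports that are known to be served points at packets being dropped somewhere between the container and the service (a firewall or NAT rule) rather than at the service itself. The sample output is the post's scan result re-wrapped onto lines; the function names and the expected-port list are assumptions made for the example.

```python
import re
from typing import Dict, Iterable, Tuple

# Constructed sample: the nmap result quoted in the post, one entry per line.
SAMPLE_NMAP_OUTPUT = """\
Host is up (0.00013s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE    VERSION
80/tcp   filtered http
111/tcp  open     rpcbind    2-4 (RPC #100000)
443/tcp  filtered https
8080/tcp open     tcpwrapped
"""

# One nmap port line: "<port>/<proto>  <state>  <service>  [version...]".
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+"
    r"(open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+"
    r"(\S+)(?:\s+(.*))?$"
)


def parse_nmap_ports(text: str) -> Dict[int, Tuple[str, str]]:
    """Map port number -> (state, service) for every port line in nmap's
    normal output. Header and summary lines are ignored."""
    ports: Dict[int, Tuple[str, str]] = {}
    for line in text.splitlines():
        match = PORT_LINE.match(line.strip())
        if match:
            port, _proto, state, service, _version = match.groups()
            ports[int(port)] = (state, service)
    return ports


def unreachable_expected_ports(
    ports: Dict[int, Tuple[str, str]], expected: Iterable[int]
) -> Dict[int, str]:
    """Return the expected ports that are not 'open' from the scanner's
    point of view, with the state nmap reported. A port missing from the
    table was folded into nmap's 'Not shown: N closed ports' summary, so
    it is reported as 'closed'."""
    result: Dict[int, str] = {}
    for port in expected:
        state = ports.get(port, ("closed", ""))[0]
        if state != "open":
            result[port] = state
    return result


def explain(port: int, state: str) -> str:
    """Human-readable hint for a non-open expected port (assumed wording)."""
    if "filtered" in state:
        return (f"port {port} is {state}: no reply at all, traffic is being "
                "dropped between the scanner and the service (firewall/NAT "
                "rules are the first place to look)")
    return (f"port {port} is {state}: the host answered with a RST, so "
            "nothing is listening on that address from this vantage point")


if __name__ == "__main__":
    table = parse_nmap_ports(SAMPLE_NMAP_OUTPUT)
    # 80 and 443 are served by the loadbalancer in the post; 8080 is a control.
    for port, state in unreachable_expected_ports(table, (80, 443, 8080)).items():
        print(explain(port, state))
```

Run inside the build container against a saved nmap report and compare with the same scan taken from a container started outside the orchestrator; a port that is "open" from one vantage point and "filtered" from the other narrows the problem to the packet path (iptables/NAT on the host) rather than to the service or DNS.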