
The Chain Reaction: How a Missing iptables Rule Broke Azure NPM
Background

We run a self-hosted Kubernetes cluster on Azure with Azure Linux and Windows nodes. The networking stack uses Azure CNI v1 for pod networking and IP allocation, and Azure Network Policy Manager (NPM) for network policy enforcement (a role similar to that of Calico's or Cilium's policy engines).

```mermaid
graph TB
  subgraph Node["Kubernetes Node"]
    kubelet
    kube-proxy
    azure-npm
    azure-cni
  end
  kubelet --> ???
  kube-proxy --> ???
  azure-npm --> ???
```

Symptoms

Apart from azure-npm pods crashlooping on a few nodes, there were some errors in the logs. ...
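Since the post's title points at a missing iptables rule as the root cause, the first thing a practitioner wants on a suspect node is a quick way to verify that the policy engine's hook into the packet path is still present. The following script is an added example and is not code from the original post or from Azure NPM; the chain name AZURE-NPM, the KUBE-FORWARD rule, and the two sample `iptables -S FORWARD` outputs are constructed assumptions used to illustrate the check, not the actual rule that was missing in the incident.

```shell
#!/bin/sh
# Added example (not from the original post). Parses `iptables -S <chain>`
# style output and reports whether a jump into a policy chain is present.
# Chain/target names below are assumptions for illustration.

# has_jump RULES CHAIN TARGET
#   RULES  : text in the format produced by `iptables -S CHAIN`
#   returns 0 if some rule in CHAIN jumps to TARGET, 1 otherwise.
has_jump() {
  rules=$1
  chain=$2
  target=$3
  printf '%s\n' "$rules" | grep -Eq "^-A $chain .*-j $target( |\$)"
}

# suggest_fix CHAIN TARGET
#   prints the idempotent command an operator would run to restore the
#   jump at the top of CHAIN (a dry run: nothing is executed here).
suggest_fix() {
  chain=$1
  target=$2
  printf 'iptables -C %s -j %s 2>/dev/null || iptables -I %s 1 -j %s\n' \
    "$chain" "$target" "$chain" "$target"
}

# check_live CHAIN TARGET
#   on a real node, reads the live ruleset; returns 2 if iptables is
#   unavailable (so callers can tell "cannot check" from "missing").
check_live() {
  chain=$1
  target=$2
  command -v iptables >/dev/null 2>&1 || return 2
  has_jump "$(iptables -S "$chain" 2>/dev/null)" "$chain" "$target"
}

# Constructed sample output: a healthy FORWARD chain with the policy hook
# still in place (assumed chain name AZURE-NPM, kube-proxy's KUBE-FORWARD).
SAMPLE_OK='-P FORWARD ACCEPT
-A FORWARD -j AZURE-NPM
-A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD'

# Constructed sample output: the same chain with the policy hook gone.
SAMPLE_MISSING='-P FORWARD ACCEPT
-A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD'

if has_jump "$SAMPLE_OK" FORWARD AZURE-NPM; then
  echo "sample_ok: AZURE-NPM hook present in FORWARD"
fi
if ! has_jump "$SAMPLE_MISSING" FORWARD AZURE-NPM; then
  echo "sample_missing: AZURE-NPM hook absent from FORWARD; suggested fix:"
  suggest_fix FORWARD AZURE-NPM
fi
```

On a node, `check_live FORWARD AZURE-NPM` runs the same test against the live ruleset; the `-C ... || -I ...` form in `suggest_fix` is the usual way to re-add a jump without duplicating it if a controller has already restored it. Substitute whatever chain your policy engine actually installs, which you can confirm with `iptables -S` on a healthy node.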