I've tried allowing based on MicroK8s subnets with the following:
sudo ufw allow in from 10.1.0.0/16 to 10.152.183.0/24
sudo ufw allow in from 10.152.183.0/24 to 10.1.0.0/16
sudo ufw allow out from 10.1.0.0/16 to 10.152.183.0/24
sudo ufw allow out from 10.152.183.0/24 to 10.1.0.0/16
but that did not work. @Cynerva mentioned this is likely due to the kube-proxy managing rules that forward that traffic to , and that traffic is then filtered by ufw rules. I have not been successful in getting this to work.
The best option I have at the moment is:
sudo ufw allow in on cali+
sudo ufw allow out on cali+
sudo ufw default allow routed
sudo ufw allow in on cni0
sudo ufw allow out on cni0
sudo ufw default allow routed
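
A check to run after applying the workaround above, as an added example that is not part of the original post: it reads `sudo ufw status verbose` output on stdin and reports the default routed policy plus how many interface-wide allow rules exist for `cali+` and `cni0`. The function names and the sample status text are constructed for illustration, and the parsing assumes the usual `Default: ... (routed)` line and `ALLOW IN` / `ALLOW OUT` rule rows.

```shell
#!/bin/sh
# Added example: summarise what the interface-based workaround changed in ufw.
# Usage on a real host: sudo ufw status verbose | audit_ufw_status

# Constructed sample in the layout of `ufw status verbose` (not from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere on cali+          ALLOW IN    Anywhere
Anywhere                   ALLOW OUT   Anywhere on cali+
22/tcp                     ALLOW IN    Anywhere'

# Print the default policy for routed (forwarded) traffic: allow, deny,
# reject or disabled. Prints nothing if no Default line is present.
routed_policy() {
    sed -n 's/^Default:.*[ ,]\([a-z]*\) (routed).*$/\1/p' | head -n 1
}

# Count allow rules bound to the CNI interfaces named in the post.
cni_allow_rules() {
    grep -E 'ALLOW (IN|OUT)' | grep -cE ' on (cali\+|cni0)( |$)' || true
}

# Print a one-line summary; return non-zero when forwarding is allowed by
# default, because that policy covers every interface, not only cali+/cni0.
audit_ufw_status() {
    status_text=$(cat)
    policy=$(printf '%s\n' "$status_text" | routed_policy)
    rules=$(printf '%s\n' "$status_text" | cni_allow_rules)
    echo "routed default: ${policy:-unknown}; CNI interface allow rules: $rules"
    [ "$policy" != "allow" ]
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status || echo "note: default routed policy is allow"
```
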