169.254.0.0/16 routes being created and conflicting

hey folks, I’m trying to get the Hetzner CSI driver working on a k3s cluster on NixOS. I’m having a problem currently that the agent nodes can’t connect to 169.254.169.254 to get metadata for the CSI controller to attach volumes to the right nodes. Here’s what I’ve got on one of the worker nodes:

$ ip route show
default via 172.31.1.1 dev enp1s0 proto dhcp src 5.161.80.37 metric 1002
10.0.0.0/16 via 10.0.0.1 dev enp7s0 proto dhcp src 10.0.1.1 metric 1003 mtu 1450
10.0.0.1 dev enp7s0 proto dhcp scope link src 10.0.1.1 metric 1003 mtu 1450
10.42.0.0/16 dev flannel-wg scope link
10.42.1.0/24 dev cni0 proto kernel scope link src 10.42.1.1
169.254.0.0/16 dev veth6dadc6d4 scope link src 169.254.53.168 metric 1296
169.254.0.0/16 dev vethd48d0560 scope link src 169.254.188.169 metric 1312
169.254.0.0/16 dev veth0f971e4b scope link src 169.254.90.3 metric 1313
169.254.0.0/16 dev veth9c6daad4 scope link src 169.254.204.222 metric 1314
169.254.0.0/16 dev veth8ddaf744 scope link src 169.254.153.111 metric 1320
169.254.0.0/16 dev vethb31bfc6c scope link src 169.254.246.197 metric 1321
172.31.1.1 dev enp1s0 proto dhcp scope link src 5.161.80.37 metric 1002

And indeed it looks like traffic to that IP is being routed to veth6dadc6d4:

$ ip route get 169.254.169.254
169.254.169.254 dev veth6dadc6d4 src 169.254.53.168 uid 0
    cache

Does anyone know what is adding these, and why those routes are blocking 169.254.169.254? I’ve asked the K3s people, and they didn’t have any idea what could be going on—they suggested it could be networkmanager or connman, but I don’t have either of those installed.

I’ve also tried adding an explicit route with ip route add 169.254.169.254 dev enp7s0, which still didn’t allow connecting. (This might show that I’m a networking novice, which is true! Any level of help here is probably useful.)

Ah, good thing I asked or I wouldn’t have been searching around for new ideas afterwards. DHCP (Using Docker on AWS EC2 breaks EC2 metadata route because of DHCP · Issue #109389 · NixOS/nixpkgs · GitHub) seems to be the culprit. I’m unblocked for now! :tada:

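The check below is an added example, not part of the original thread: it parses `ip route show` output and applies the kernel's selection order (longest prefix first, then lowest metric) to show why 169.254.169.254 resolves to a veth device and which routes shadow it. The function names are hypothetical and the sample input is constructed from a subset of the routes quoted in the post.

```python
import ipaddress

# Constructed sample: a subset of the `ip route show` output quoted in the post.
SAMPLE_ROUTES = """\
default via 172.31.1.1 dev enp1s0 proto dhcp src 5.161.80.37 metric 1002
10.0.0.0/16 via 10.0.0.1 dev enp7s0 proto dhcp src 10.0.1.1 metric 1003 mtu 1450
10.42.1.0/24 dev cni0 proto kernel scope link src 10.42.1.1
169.254.0.0/16 dev veth6dadc6d4 scope link src 169.254.53.168 metric 1296
169.254.0.0/16 dev vethd48d0560 scope link src 169.254.188.169 metric 1312
"""
METADATA_IP = ipaddress.ip_address("169.254.169.254")


def parse_routes(text):
    """Parse `ip route show` lines into dicts with network, dev and metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a prefix line (e.g. "cache" or other route types)
        # Map every token to its successor, so opts["dev"] and opts["metric"] work.
        opts = dict(zip(fields[1:], fields[2:]))
        routes.append({"network": network, "dev": opts.get("dev"),
                       "metric": int(opts.get("metric", 0)), "raw": line})
    return routes


def select_route(routes, ip=METADATA_IP):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    matching = [r for r in routes if ip in r["network"]]
    return min(matching, key=lambda r: (-r["network"].prefixlen, r["metric"]),
               default=None)


def shadowing_veth_routes(routes, ip=METADATA_IP):
    """Routes on veth devices whose prefix covers the metadata address."""
    return [r for r in routes
            if ip in r["network"] and (r["dev"] or "").startswith("veth")]


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    print("selected:", select_route(routes)["raw"])
    print("shadowing veth routes:", len(shadowing_veth_routes(routes)))
```

To run it against a live node, pass the text of `ip route show` to `parse_routes` in place of the constructed sample.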