Verified this bug on 4.7.0-0.nightly-2021-08-19-235306
sh-4.4# ssh -i ca.pem core.0.5
The authenticity of host '10.0.0.5 (10.0.0.5)' can't be established.
ECDSA key fingerprint is SHA256:JrM2oyJKh3UX0+toqeLl2S1dGQLQ2+mzshMQg1W8ZL0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.0.0.5' (ECDSA) to the list of known hosts.
Red Hat Enterprise Linux CoreOS 47.84.202108181031-0
Part of OpenShift 4.7, RHCOS is a Kubernetes native operating system
managed by the Machine Config Operator (`clusteroperator/machine-config`).
WARNING: Direct SSH access to machines is not recommended; instead,
make configuration changes via `machineconfig` objects:
[core@zzhaoazure47-twdtz-master-1 ~]$ sudo -i
[root@zzhaoazure47-twdtz-master-1 ~]# iptables-save | grep AZUR
:AZURE_CHECK_ICMP_SOURCE - [0:0]
:AZURE_ICMP_ACTION - [0:0]
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j AZURE_CHECK_ICMP_SOURCE
-A AZURE_CHECK_ICMP_SOURCE -s 10.0.0.6/32 -p icmp -j AZURE_ICMP_ACTION
-A AZURE_CHECK_ICMP_SOURCE -s 10.0.0.7/32 -p icmp -j AZURE_ICMP_ACTION
-A AZURE_CHECK_ICMP_SOURCE -s 10.0.0.5/32 -p icmp -j AZURE_ICMP_ACTION
-A AZURE_CHECK_ICMP_SOURCE -s 10.0.32.4/32 -p icmp -j AZURE_ICMP_ACTION
-A AZURE_CHECK_ICMP_SOURCE -s 10.0.32.6/32 -p icmp -j AZURE_ICMP_ACTION
-A AZURE_CHECK_ICMP_SOURCE -s 10.0.32.5/32 -p icmp -j AZURE_ICMP_ACTION
-A AZURE_ICMP_ACTION -j LOG
-A AZURE_ICMP_ACTION -j DROP
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Important: OpenShift Container Platform 4.7.28 security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.