oremanj/python-netfilterqueue

How to catch traffic from a Kubernetes container

AlessioDiama opened this issue · 1 comment

I am trying to catch the outgoing traffic of a Docker container inside a Kubernetes cluster in order to redirect it to a netfilterqueue and modify it with scapy.
My Kubernetes cluster has two CNIs: calico for the k8s management network and ovs-cni for the network I'd like to use for pod-to-pod communication. Consequently, each container in my cluster has two interfaces: eth0 (calico) and net1 (ovs-cni).
Using:

iptables -I DOCKER-USER 1 -p udp --dport 4060 -j NFQUEUE --queue-num 1

I am able to correctly catch UDP traffic sent to port 4060 USING ETH0 and modify it with scapy. However, when the traffic is sent through net1 the same rule cannot catch the UDP traffic to port 4060.
I guess because the DOCKER-USER chain does not intercept traffic using the net1 interface of my container. Does anyone know which chain to use to intercept traffic on the net1 (ovs-cni) interface?

Sorry, I don't think any of us know enough about Docker to answer this. It's not really specific to netfilterqueue -- as I understand it, you would run into the same challenges applying any kind of iptables rule to this traffic.
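For the modification step the issue describes (packets arriving on queue 1 from the NFQUEUE rule, payload rewritten before being re-injected), here is an added example that is not from the issue or from python-netfilterqueue itself. It uses plain struct instead of scapy so the IP total length, UDP length and both checksum updates are explicit; the packet-building helper, the addresses and the replacement payload are constructed for offline testing, and run() assumes the netfilterqueue package and root.

```python
import struct

QUEUE_NUM, TARGET_PORT = 1, 4060  # queue number and UDP port from the iptables rule above

def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit big-endian words."""
    data += b"\x00" * (len(data) % 2)  # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def udp_dport(raw: bytes) -> int:  # destination port of an IPv4/UDP packet, -1 otherwise
    if len(raw) < 28 or raw[0] >> 4 != 4 or raw[9] != 17:
        return -1
    ihl = (raw[0] & 0x0F) * 4
    return struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]

def rewrite_udp_payload(raw: bytes, new_payload: bytes) -> bytes:
    """Replace the UDP payload; recompute IP total length, UDP length and both checksums."""
    if udp_dport(raw) < 0:
        return raw
    ihl = (raw[0] & 0x0F) * 4
    ip_hdr, udp_hdr = bytearray(raw[:ihl]), bytearray(raw[ihl:ihl + 8])
    udp_len = 8 + len(new_payload)
    struct.pack_into("!HH", udp_hdr, 4, udp_len, 0)  # new length; checksum zeroed while computing
    pseudo = bytes(ip_hdr[12:20]) + struct.pack("!BBH", 0, 17, udp_len)  # src, dst, zero, proto, len
    csum = inet_checksum(pseudo + bytes(udp_hdr) + new_payload)
    struct.pack_into("!H", udp_hdr, 6, csum or 0xFFFF)  # 0 would mean "no checksum" in UDP
    struct.pack_into("!H", ip_hdr, 2, ihl + udp_len)
    struct.pack_into("!H", ip_hdr, 10, 0)
    struct.pack_into("!H", ip_hdr, 10, inet_checksum(bytes(ip_hdr)))
    return bytes(ip_hdr) + bytes(udp_hdr) + new_payload

def make_udp_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed IPv4/UDP packet for offline testing; the rewriter fills in the checksums."""
    addrs = bytes(int(octet) for octet in (src + "." + dst).split("."))
    ip_hdr = struct.pack("!BBHHHBBH8s", 0x45, 0, 0, 0, 0, 64, 17, 0, addrs)
    return rewrite_udp_payload(ip_hdr + struct.pack("!HHHH", sport, dport, 0, 0) + payload, payload)

def run(queue_num: int = QUEUE_NUM) -> None:  # needs root and netfilterqueue, imported lazily
    from netfilterqueue import NetfilterQueue
    def handle(pkt):  # rewrite only packets for the target port, let everything else through
        raw = pkt.get_payload()
        if udp_dport(raw) == TARGET_PORT:
            pkt.set_payload(rewrite_udp_payload(raw, b"rewritten"))
        pkt.accept()
    nfq = NetfilterQueue()
    nfq.bind(queue_num, handle)
    nfq.run()
```

Whether a packet reaches the queue at all still depends on the iptables chain matching it; this only covers what happens once it does.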