Editing
IP Tables config
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== For Distros using iptables v1.8+ == This includes (at least): * Debian 10 (buster) * RHEL 8 * CentOS 8 Someone in the Linux world decided that it was time to change from 'iptables' packet processing rules to the newer 'nf_tables' (or nft) packet processing rules. iptables v1.8.* is supposed to be a transition version that could do both the iptables method of packet routing and nft method. The problem is that the kubernetes application pods (e.g. kube-proxy) use the older version that messes with the iptables rules ... while the command-line version is messing with nft rules by default. This causes "weird and wonderful" problems. The short answer (until someone gets this worked out and updates the kube-proxy containers to use the nft rule sets) is to force the host to use the iptables rules. Fortunately, iptables is loaded as an 'alternative' app, so we can just flip it: update-alternatives --set iptables /usr/sbin/iptables-legacy update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy update-alternatives --set arptables /usr/sbin/arptables-legacy update-alternatives --set ebtables /usr/sbin/ebtables-legacy The first one is all that is strictly necessary, but it is best to keep all the iptables stuff together. There is an extensive discussion including both practical and philosophical issues on the kubernetes github issue board: https://github.com/kubernetes/kubernetes/issues/71305
Summary:
Please note that all contributions to WilliamsNet Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
WilliamsNet Wiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
View history
More
Navigation
Commons
Architecture
How-To
Systems
Hardware
SysAdmin
Kubernetes
OpenSearch
Special
Pages to create
All pages
Recent changes
Random page
Help about MediaWiki
Formatting Help
Tools
What links here
Related changes
Special pages
Page information