microk8s sets iptables policy FORWARD to DROP on reboot


I created a fresh install of Ubuntu 18.04 minimal on a VMware ESXi 6.7u1 host. I checked iptables -S and got this output (truncated):

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

This is consistent, no matter how often I reboot. Then I installed microk8s and all looks fine:

robert@k:~$ sudo snap install microk8s --edge --classic
microk8s (edge) v1.13.1 from Canonical✓ installed
robert@k:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
<trimmed>

However, after a reboot:

robert@k:~$ sudo iptables -S
[sudo] password for robert: 
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
<trimmed>

I’ve attached the microk8s.inspect tarball as inspection-report-20181229_224350.tar.gz

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 2
  • Comments: 11 (2 by maintainers)

Top GitHub Comments

5 reactions
mnbf9rca commented, Dec 29, 2018

Adding --iptables=false to /var/snap/microk8s/current/args/dockerd fixes it.

3 reactions
illja96 commented, Sep 22, 2020

Adding --iptables=false to /var/snap/microk8s/current/args/dockerd fixes it.

This will no longer work because the new version of microk8s uses containerd instead of dockerd.
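
As an added example (not part of the original issue or the microk8s project), the shell functions below detect the symptom reported above by comparing chain policies between two `iptables -S` snapshots, and check whether the contents of a dockerd args file carry the `--iptables=false` flag from the first comment. The sample snapshots are constructed from the output quoted in the issue; the function names and the baseline file path in the comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: detect default-policy drift between two `iptables -S` snapshots.

# Constructed samples mirroring the outputs quoted in the issue.
BEFORE_REBOOT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
AFTER_REBOOT='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER'

# Print "CHAIN old->new" for every chain whose default policy (-P line) differs.
# $1 = baseline `iptables -S` text, $2 = current `iptables -S` text
policy_drift() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $0 == "---"           { second = 1; next }   # separator between snapshots
    $1 == "-P" && !second { base[$2] = $3; next } # remember baseline policy
    $1 == "-P" && second && ($2 in base) && base[$2] != $3 {
      printf "%s %s->%s\n", $2, base[$2], $3
    }'
}

# Return 0 if dockerd args text ($1) contains --iptables=false on a
# non-comment line, i.e. dockerd is told not to manage iptables itself.
dockerd_iptables_disabled() {
  printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -q -- '--iptables=false'
}

# Live use on a host (assumption: run as root; baseline path is hypothetical):
#   policy_drift "$(cat /root/iptables.baseline)" "$(iptables -S)"
#   dockerd_iptables_disabled "$(cat /var/snap/microk8s/current/args/dockerd)"
policy_drift "$BEFORE_REBOOT" "$AFTER_REBOOT"
```

Saving a baseline right after install and running the comparison from a boot-time job surfaces the change before pod traffic that depends on forwarding fails silently.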
