hyperkube proxy, kubelet can't find iptables chain, rkt run --net=host hyperkube proxy, kubelet can't find iptables chain, rkt run --net=host kubernetes kubernetes

hyperkube proxy, kubelet can't find iptables chain, rkt run --net=host


docker kubernetes iptables rkt kubelet

After much fault isolation, I've found the cause and solution.

In my case, I'm running a custom kernel pkg (linux-image), which was missing several kernel modules related to iptables. So when kubelet tried to append iptables rules that contained a comment, it errored because xt_comment wasn't loaded.

These are the modules I was missing: ipt_REJECT, nf_conntrack_netlink, nf_reject_ipv4, sch_fq_codel (maybe not required), xt_comment, xt_mark, xt_recent, xt_statistic

To get a complete list of modules that I likely needed, I logged into a CoreOS kubernetes worker and looked at its lsmod. Then just compared that list to my "problem" machine.

docker kubernetes iptables rkt kubelet

I had this issue on a gentoo box with a custom kernel configuration whilst running k8s using rancher's k3d 1.3.1. Rebuilding the kernel with all the sane iptables + xt_comment solved this issue for me.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last