-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pods unable to reach 10.43.0.1:443 even with firewall disabled #10010
Comments
Adding server logs as well sice original message was too long K3s server logs ...
|
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 45 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions. |
I have the same problem, how do I solve it? |
In my case, I'm using
|
I have the same problem but I use iptables I tried to do the equivalent of ip saddr 10.42.0.0/16 ip daddr 10.43.0.0/16 accept but it still doesn't work |
Environmental Info:
K3s Version:
Node(s) CPU architecture, OS, and Version:
Cluster Configuration: Single node server.
Describe the bug:
Pods from default addons cannot connect to
https://10.43.0.1:443
.Steps To Reproduce:
Expected behavior:
All default addons from
/var/lib/rancher/k3s/server/manifests
should be up and running. If any iptables extension is missing it should be catched by check-config.sh script.Actual behavior:
coredns
pod never reaches ready staus.local-path-provisioner
andmetrics-server
pods enterCrashLoopBackOff
status. All the failing pods show an error related to unable to connect tohttps://10.43.0.1:443
. Server logs mention some iptables extension as missing.Additional context / logs:
My system has a lot of iptables rules but for the sake of simplicity I have reproduced the issue with a firewall withot any rule and with a permissive default policy. These are all the steps I followed:
Install K3s from official Getoo repository
Check if there are any kernel options missing ...
Disable firewall (default policy allows all traffic)
Start K3s server
Check iptables rules added by K3s ...
Check pod status
Check failing pods logs
coredns pod ...
local-path-provisioner pod ...
local-path-provisioner pod ...
The text was updated successfully, but these errors were encountered: