-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Required br_netfilter module, not mentioned. #2068
Comments
Check by kubeadm for this module was removed here: kubernetes/kubernetes#123464 |
Ok we could add the check before flannel starts. |
Hi @rbrtbnfgl, does flannel also required br_netfilter when when using ipvs or nftables mode? |
I'll check it |
are you referring to ipvs on kube-proxy? Flannel is working always with the bridge and iptables even when ipvs is enabled. |
@rbrtbnfgl, appreciate the input, many thanks to your hard work! |
Maybe we can add the error and solution from #2166 to the troubleshooting guide. |
It's specified on the README https://github.com/flannel-io/flannel/blob/master/README.md?plain=1#L73 |
There is no mention of requirement for br_netfilter module for flannel to work.
It perhaps wasn't needed in the past as kubeadm would check for it during kubeadm init and give:
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
If module wasn't on.
However this check was removed since kubeadm v1.30 as mentioned in this github issue:
kubernetes/kubernetes#127593
Expected Behavior
Perhaps flannel containers could exit with an error saying "required br_netfilter module is not enabled".
But at least this module should be mentioned in the docs.
Current Behavior
Services aren't reachable within the network.
Possible Solution
flannel containers could exit with an error saying "required br_netfilter module is not enabled" or docs entry
Steps to Reproduce (for bugs)
Context
I spent around 2 days trying to find an issue with the cluster.
I created a in issue in kubernetes github and I got an information that currently CNI probivers should take care of this over requiring kubeadm to enforce this module enable.
This is the issue:
kubernetes/kubernetes#127593
Your Environment
The text was updated successfully, but these errors were encountered: