agent.host.iptables=true doesn't work w/ helm chart deployment
jkroepke opened this issue · 2 comments
jkroepke commented
Hi,
Today I tried kiam for the first time using the Helm chart.
I'm using the 5.9.0 version, but the 5.10 is affected, too.
After setting `agent.host.iptables=true`, the agents did not start anymore:

```
2020-11-23T22:11:50.295363147+01:00 {"level":"info","msg":"configuring iptables","time":"2020-11-23T21:11:50Z"}
2020-11-23T22:11:50.299331187+01:00 {"level":"error","msg":"error configuring iptables: running [/sbin/iptables -t nat -C PREROUTING -p tcp -d 169.254.169.254 --dport 80 -j DNAT --to-destination 10.240.1.23:8181 -i cali+ --wait]: exit status 3: DNAT: Could not determine whether revision 2 is supported, assuming it is.\nDNAT: Could not determine whether revision 2 is supported, assuming it is.\niptables v1.8.3 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.\n","time":"2020-11-23T21:11:50Z"}
2020-11-23T22:11:50.299425318+01:00 {"level":"fatal","msg":"fatal error: running [/sbin/iptables -t nat -C PREROUTING -p tcp -d 169.254.169.254 --dport 80 -j DNAT --to-destination 10.240.1.23:8181 -i cali+ --wait]: exit status 3: DNAT: Could not determine whether revision 2 is supported, assuming it is.\nDNAT: Could not determine whether revision 2 is supported, assuming it is.\niptables v1.8.3 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)\nPerhaps iptables or your kernel needs to be upgraded.\n","time":"2020-11-23T21:11:50Z"}
```
System Info:
- Kubernetes 1.19.4
- cri-o 1.19
- Ubuntu 20.04
Kubernetes was set up with kubeadm, no special security rules applied. SELinux is not available on Ubuntu.
What did I do wrong? Am I missing something?
wd commented
This is the root cause: ``iptables v1.8.3 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)``?
jkroepke commented
Sure, the chart is missing some settings.