Background:
In our environment, iptables' nat module is disabled, so I must use '-b=none --iptables=false' to start the docker daemon and always add '--net host' when using the 'docker run' command.
The same problem arises when using Kubernetes. When I try to start the 'kube-proxy' service, I get an error:
> F0822 14:32:49.065506 29630 server.go:101] Unable to create proxer:
> failed to initialize iptables: error creating chain
> "KUBE-PORTALS-CONTAINER": exit status 3: iptables v1.4.21: can't
> initialize iptables table `nat': Table does not exist (do you need to
> insmod?) Perhaps iptables or your kernel needs to be upgraded.
Is there a way to bypass this?
Kube-proxy makes heavy use of iptables, even in userspace mode. I'm afraid you won't be able to run a Kubernetes node on a machine where iptables is disabled completely.