I am playing around with Kubernetes and I have seen that there are a lot of repeated identical entries in iptables on the nodes. Any explanation why?
Chain KUBE-FIREWALL (0 references)
target prot opt source destination
DROP all -- anywhere anywhere mark match 0x8000/0x8000 /* kubernetes firewall for dropping marked packets */
DROP all -- anywhere anywhere mark match 0x8000/0x8000 /* kubernetes firewall for dropping marked packets */
DROP all -- anywhere anywhere mark match 0x8000/0x8000 /* kubernetes firewall for dropping marked packets */
DROP all -- anywhere anywhere mark match 0x8000/0x8000 /* kubernetes firewall for dropping marked packets */
DROP all -- anywhere anywhere mark match 0x8000/0x8000 /* kubernetes firewall for dropping marked packets */
....
System info:
Installation is done with Ansible
I followed the Ansible approach a few times in a row, using the same kernel 4.15.18-19-pve x86_64 GNU/Linux, but was not able to reproduce your problem at all.
Each time I get (as expected in normal behavior):
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
The only way to get into the same situation as you is to manually update iptables, duplicating the entries, and get rid of the references.
If I find anything interesting, I will let you know.
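A check for the symptom discussed above, as an added example that is not part of the original posts: it parses `iptables-save` output and reports, per chain, how many rules jump to it (the "references" count) and which rules occur more than once. The sample dump is constructed and the function name `audit` is hypothetical.

```python
import shlex
from collections import Counter

# Constructed iptables-save style input (not taken from the original posts).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:KUBE-FIREWALL - [0:0]
-A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
-A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
-A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
-A PREROUTING -j KUBE-SERVICES
COMMIT
"""

def audit(dump):
    """Return {(table, chain): {"references": n, "duplicates": {rule: count}}}."""
    table = None
    rules = Counter()   # (table, chain, rule text) -> occurrences
    refs = Counter()    # (table, chain) -> number of rules that jump to it
    chains = []         # (table, chain) in declaration order
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain declaration, e.g. :INPUT ACCEPT [0:0]
            chains.append((table, line[1:].split()[0]))
        elif line.startswith("-A "):        # appended rule
            tokens = shlex.split(line)      # keeps the quoted --comment as one token
            rules[(table, tokens[1], line)] += 1
            for flag, value in zip(tokens, tokens[1:]):
                if flag in ("-j", "-g", "--jump", "--goto"):
                    refs[(table, value)] += 1
    report = {}
    for key in chains:
        dups = {r: n for (t, c, r), n in rules.items() if (t, c) == key and n > 1}
        report[key] = {"references": refs[key], "duplicates": dups}
    return report

if __name__ == "__main__":
    for (table, chain), info in audit(SAMPLE).items():
        if info["duplicates"] or info["references"] == 0:
            print(table, chain, info["references"], list(info["duplicates"].values()))
```

On a node, pass it the text produced by `iptables-save` instead of `SAMPLE`; built-in chains such as `INPUT` always show zero references because nothing jumps to them.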