K
Q

Changing k8s firewall comments

11/4/2021

We're managing our server base setup using puppet. That setup includes management of iptables rules where all unknown rules will be purged from the INPUT chain.

Now kubernetes is creating three rules in that chain to jump to KUBE-SERVICE, KUBE-EXTERNAL-SERVICE, and KUBE-FIREWALL. Since those are not defined within our puppet code they will be purged in the next puppet run.

When trying to declare them in puppet we face the issue that we need to specify a comment start starts with a number (for sorting reasons). But K8s uses kubernetes service portals and kubernetes externally-visible service portals (and nothing) as comments. So even if we add those rules in puppet they will never match with the ones kubernetes wants to create on startup.

Is there a way to configure the comment that kubernetes will set to those rules in order to get them in line with the puppet definitions?

Note: We're using k3s to run kubernetes

-- Dero
k3s
kubernetes
puppet

Similar Questions

Kuberntes Sidecar for sending logs to Splunk
Kubernetes Docker logs
Double tagging docker images (latest + set version) + deploy latest to k8s + then lookup real tag?
Does ksonnet have a similar function like "helm list"?
Error with Traefik on Google Kubernetes Engine

0 Answers