Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Release 1.22] Remove flannel ipmasq iptable rules when destroying k3s #5060

Closed
manuelbuil opened this issue Feb 1, 2022 · 1 comment
Closed

[Release 1.22] Remove flannel ipmasq iptable rules when destroying k3s #5060

manuelbuil opened this issue Feb 1, 2022 · 1 comment
Assignees
@VestigeJ @manuelbuil
Projects
Development [DEPRECATED]
Milestone
v1.22.6+k3s1

Comments

@manuelbuil
Copy link
Contributor

Backport: #5001 and #5010
@manuelbuil manuelbuil self-assigned this Feb 1, 2022
@manuelbuil manuelbuil added this to To Triage in Development [DEPRECATED] via automation Feb 1, 2022
@manuelbuil manuelbuil moved this from To Triage to Working in Development [DEPRECATED] Feb 1, 2022
@manuelbuil manuelbuil added this to the v1.22.6+k3s1 milestone Feb 1, 2022
@manuelbuil manuelbuil mentioned this issue Feb 1, 2022
Merged
@manuelbuil manuelbuil moved this from Working to To Test in Development [DEPRECATED] Feb 9, 2022
@VestigeJ
Copy link

VestigeJ commented Feb 9, 2022

Validated using commit=

$ k3s -v

k3s version v1.22.6+k3s-23796dde (23796dde)
go version go1.16.10

BEFORE INSTALL

$ sudo iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

INSTALLLED
$ sudo iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
KUBE-ROUTER-INPUT  all  --  anywhere             anywhere             /* kube-router netpol - 4IA2OSFRMVNDXBVV */
KUBE-NODEPORTS  all  --  anywhere             anywhere             /* kubernetes health check service ports */
KUBE-EXTERNAL-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes externally-visible service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
KUBE-ROUTER-FORWARD  all  --  anywhere             anywhere             /* kube-router netpol - TEMCG2JMHZYE7H7T */
KUBE-FORWARD  all  --  anywhere             anywhere             /* kubernetes forwarding rules */
KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
KUBE-EXTERNAL-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes externally-visible service portals */
ACCEPT     all  --  ip-10-42-0-0.us-east-2.compute.internal/16  anywhere             /* flanneld forward */
ACCEPT     all  --  anywhere             ip-10-42-0-0.us-east-2.compute.internal/16  /* flanneld forward */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
KUBE-ROUTER-OUTPUT  all  --  anywhere             anywhere             /* kube-router netpol - VEAAIY32XVBHCSCY */
KUBE-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere            

Chain KUBE-EXTERNAL-SERVICES (2 references)
target     prot opt source               destination         

Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
DROP       all  -- !localhost/8          localhost/8          /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT

Chain KUBE-FORWARD (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding rules */ mark match 0x4000/0x4000
ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
target     prot opt source               destination         

Chain KUBE-NODEPORTS (1 references)
target     prot opt source               destination         

Chain KUBE-NWPLCY-DEFAULT (10 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere             /* rule to mark traffic matching a network policy */ MARK or 0x10000

Chain KUBE-POD-FW-57RNXVVWQGMRAC6D (7 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* rule for stateful firewall for pod */ ctstate RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             /* rule to drop invalid state for pod */ ctstate INVALID
ACCEPT     all  --  anywhere             ip-10-42-0-8.us-east-2.compute.internal  /* rule to permit the traffic traffic to pods when source is the pod's local node */ ADDRTYPE match src-type LOCAL
KUBE-NWPLCY-DEFAULT  all  --  ip-10-42-0-8.us-east-2.compute.internal  anywhere             /* run through default egress network policy  chain */
KUBE-NWPLCY-DEFAULT  all  --  anywhere             ip-10-42-0-8.us-east-2.compute.internal  /* run through default ingress network policy  chain */
NFLOG      all  --  anywhere             anywhere             /* rule to log dropped traffic POD name:traefik-55fdc6d984-ntg94 namespace: kube-system */ mark match ! 0x10000/0x10000 limit: avg 10/min burst 10 nflog-group 100
REJECT     all  --  anywhere             anywhere             /* rule to REJECT traffic destined for POD name:traefik-55fdc6d984-ntg94 namespace: kube-system */ mark match ! 0x10000/0x10000 reject-with icmp-port-unreachable
MARK       all  --  anywhere             anywhere             MARK and 0xfffeffff
MARK       all  --  anywhere             anywhere             /* set mark to ACCEPT traffic that comply to network policies */ MARK or 0x20000

Chain KUBE-POD-FW-IMDBK7X63JBV2LAF (7 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* rule for stateful firewall for pod */ ctstate RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             /* rule to drop invalid state for pod */ ctstate INVALID
ACCEPT     all  --  anywhere             ip-10-42-0-2.us-east-2.compute.internal  /* rule to permit the traffic traffic to pods when source is the pod's local node */ ADDRTYPE match src-type LOCAL
KUBE-NWPLCY-DEFAULT  all  --  ip-10-42-0-2.us-east-2.compute.internal  anywhere             /* run through default egress network policy  chain */
KUBE-NWPLCY-DEFAULT  all  --  anywhere             ip-10-42-0-2.us-east-2.compute.internal  /* run through default ingress network policy  chain */
NFLOG      all  --  anywhere             anywhere             /* rule to log dropped traffic POD name:coredns-96cc4f57d-xs7vb namespace: kube-system */ mark match ! 0x10000/0x10000 limit: avg 10/min burst 10 nflog-group 100
REJECT     all  --  anywhere             anywhere             /* rule to REJECT traffic destined for POD name:coredns-96cc4f57d-xs7vb namespace: kube-system */ mark match ! 0x10000/0x10000 reject-with icmp-port-unreachable
MARK       all  --  anywhere             anywhere             MARK and 0xfffeffff
MARK       all  --  anywhere             anywhere             /* set mark to ACCEPT traffic that comply to network policies */ MARK or 0x20000

Chain KUBE-POD-FW-JBN3E22KQZTN647M (7 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* rule for stateful firewall for pod */ ctstate RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             /* rule to drop invalid state for pod */ ctstate INVALID
ACCEPT     all  --  anywhere             ip-10-42-0-5.us-east-2.compute.internal  /* rule to permit the traffic traffic to pods when source is the pod's local node */ ADDRTYPE match src-type LOCAL
KUBE-NWPLCY-DEFAULT  all  --  ip-10-42-0-5.us-east-2.compute.internal  anywhere             /* run through default egress network policy  chain */
KUBE-NWPLCY-DEFAULT  all  --  anywhere             ip-10-42-0-5.us-east-2.compute.internal  /* run through default ingress network policy  chain */
NFLOG      all  --  anywhere             anywhere             /* rule to log dropped traffic POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system */ mark match ! 0x10000/0x10000 limit: avg 10/min burst 10 nflog-group 100
REJECT     all  --  anywhere             anywhere             /* rule to REJECT traffic destined for POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system */ mark match ! 0x10000/0x10000 reject-with icmp-port-unreachable
MARK       all  --  anywhere             anywhere             MARK and 0xfffeffff
MARK       all  --  anywhere             anywhere             /* set mark to ACCEPT traffic that comply to network policies */ MARK or 0x20000

Chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV (7 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* rule for stateful firewall for pod */ ctstate RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             /* rule to drop invalid state for pod */ ctstate INVALID
ACCEPT     all  --  anywhere             ip-10-42-0-7.us-east-2.compute.internal  /* rule to permit the traffic traffic to pods when source is the pod's local node */ ADDRTYPE match src-type LOCAL
KUBE-NWPLCY-DEFAULT  all  --  ip-10-42-0-7.us-east-2.compute.internal  anywhere             /* run through default egress network policy  chain */
KUBE-NWPLCY-DEFAULT  all  --  anywhere             ip-10-42-0-7.us-east-2.compute.internal  /* run through default ingress network policy  chain */
NFLOG      all  --  anywhere             anywhere             /* rule to log dropped traffic POD name:svclb-traefik-zzpq7 namespace: kube-system */ mark match ! 0x10000/0x10000 limit: avg 10/min burst 10 nflog-group 100
REJECT     all  --  anywhere             anywhere             /* rule to REJECT traffic destined for POD name:svclb-traefik-zzpq7 namespace: kube-system */ mark match ! 0x10000/0x10000 reject-with icmp-port-unreachable
MARK       all  --  anywhere             anywhere             MARK and 0xfffeffff
MARK       all  --  anywhere             anywhere             /* set mark to ACCEPT traffic that comply to network policies */ MARK or 0x20000

Chain KUBE-POD-FW-ZV6RHOVARH3BSSEF (7 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* rule for stateful firewall for pod */ ctstate RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             /* rule to drop invalid state for pod */ ctstate INVALID
ACCEPT     all  --  anywhere             ip-10-42-0-6.us-east-2.compute.internal  /* rule to permit the traffic traffic to pods when source is the pod's local node */ ADDRTYPE match src-type LOCAL
KUBE-NWPLCY-DEFAULT  all  --  ip-10-42-0-6.us-east-2.compute.internal  anywhere             /* run through default egress network policy  chain */
KUBE-NWPLCY-DEFAULT  all  --  anywhere             ip-10-42-0-6.us-east-2.compute.internal  /* run through default ingress network policy  chain */
NFLOG      all  --  anywhere             anywhere             /* rule to log dropped traffic POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system */ mark match ! 0x10000/0x10000 limit: avg 10/min burst 10 nflog-group 100
REJECT     all  --  anywhere             anywhere             /* rule to REJECT traffic destined for POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system */ mark match ! 0x10000/0x10000 reject-with icmp-port-unreachable
MARK       all  --  anywhere             anywhere             MARK and 0xfffeffff
MARK       all  --  anywhere             anywhere             /* set mark to ACCEPT traffic that comply to network policies */ MARK or 0x20000

Chain KUBE-PROXY-CANARY (0 references)
target     prot opt source               destination         

Chain KUBE-ROUTER-FORWARD (1 references)
target     prot opt source               destination         
KUBE-POD-FW-IMDBK7X63JBV2LAF  all  --  anywhere             ip-10-42-0-2.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:coredns-96cc4f57d-xs7vb namespace: kube-system to chain KUBE-POD-FW-IMDBK7X63JBV2LAF */
KUBE-POD-FW-IMDBK7X63JBV2LAF  all  --  anywhere             ip-10-42-0-2.us-east-2.compute.internal  PHYSDEV match --physdev-is-bridged /* rule to jump traffic destined to POD name:coredns-96cc4f57d-xs7vb namespace: kube-system to chain KUBE-POD-FW-IMDBK7X63JBV2LAF */
KUBE-POD-FW-IMDBK7X63JBV2LAF  all  --  ip-10-42-0-2.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:coredns-96cc4f57d-xs7vb namespace: kube-system to chain KUBE-POD-FW-IMDBK7X63JBV2LAF */
KUBE-POD-FW-IMDBK7X63JBV2LAF  all  --  ip-10-42-0-2.us-east-2.compute.internal  anywhere             PHYSDEV match --physdev-is-bridged /* rule to jump traffic from POD name:coredns-96cc4f57d-xs7vb namespace: kube-system to chain KUBE-POD-FW-IMDBK7X63JBV2LAF */
KUBE-POD-FW-JBN3E22KQZTN647M  all  --  anywhere             ip-10-42-0-5.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system to chain KUBE-POD-FW-JBN3E22KQZTN647M */
KUBE-POD-FW-JBN3E22KQZTN647M  all  --  anywhere             ip-10-42-0-5.us-east-2.compute.internal  PHYSDEV match --physdev-is-bridged /* rule to jump traffic destined to POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system to chain KUBE-POD-FW-JBN3E22KQZTN647M */
KUBE-POD-FW-JBN3E22KQZTN647M  all  --  ip-10-42-0-5.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system to chain KUBE-POD-FW-JBN3E22KQZTN647M */
KUBE-POD-FW-JBN3E22KQZTN647M  all  --  ip-10-42-0-5.us-east-2.compute.internal  anywhere             PHYSDEV match --physdev-is-bridged /* rule to jump traffic from POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system to chain KUBE-POD-FW-JBN3E22KQZTN647M */
KUBE-POD-FW-57RNXVVWQGMRAC6D  all  --  anywhere             ip-10-42-0-8.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:traefik-55fdc6d984-ntg94 namespace: kube-system to chain KUBE-POD-FW-57RNXVVWQGMRAC6D */
KUBE-POD-FW-57RNXVVWQGMRAC6D  all  --  anywhere             ip-10-42-0-8.us-east-2.compute.internal  PHYSDEV match --physdev-is-bridged /* rule to jump traffic destined to POD name:traefik-55fdc6d984-ntg94 namespace: kube-system to chain KUBE-POD-FW-57RNXVVWQGMRAC6D */
KUBE-POD-FW-57RNXVVWQGMRAC6D  all  --  ip-10-42-0-8.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:traefik-55fdc6d984-ntg94 namespace: kube-system to chain KUBE-POD-FW-57RNXVVWQGMRAC6D */
KUBE-POD-FW-57RNXVVWQGMRAC6D  all  --  ip-10-42-0-8.us-east-2.compute.internal  anywhere             PHYSDEV match --physdev-is-bridged /* rule to jump traffic from POD name:traefik-55fdc6d984-ntg94 namespace: kube-system to chain KUBE-POD-FW-57RNXVVWQGMRAC6D */
KUBE-POD-FW-ZT2HHOQ7USXAUNIV  all  --  anywhere             ip-10-42-0-7.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:svclb-traefik-zzpq7 namespace: kube-system to chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV */
KUBE-POD-FW-ZT2HHOQ7USXAUNIV  all  --  anywhere             ip-10-42-0-7.us-east-2.compute.internal  PHYSDEV match --physdev-is-bridged /* rule to jump traffic destined to POD name:svclb-traefik-zzpq7 namespace: kube-system to chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV */
KUBE-POD-FW-ZT2HHOQ7USXAUNIV  all  --  ip-10-42-0-7.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:svclb-traefik-zzpq7 namespace: kube-system to chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV */
KUBE-POD-FW-ZT2HHOQ7USXAUNIV  all  --  ip-10-42-0-7.us-east-2.compute.internal  anywhere             PHYSDEV match --physdev-is-bridged /* rule to jump traffic from POD name:svclb-traefik-zzpq7 namespace: kube-system to chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV */
KUBE-POD-FW-ZV6RHOVARH3BSSEF  all  --  anywhere             ip-10-42-0-6.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system to chain KUBE-POD-FW-ZV6RHOVARH3BSSEF */
KUBE-POD-FW-ZV6RHOVARH3BSSEF  all  --  anywhere             ip-10-42-0-6.us-east-2.compute.internal  PHYSDEV match --physdev-is-bridged /* rule to jump traffic destined to POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system to chain KUBE-POD-FW-ZV6RHOVARH3BSSEF */
KUBE-POD-FW-ZV6RHOVARH3BSSEF  all  --  ip-10-42-0-6.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system to chain KUBE-POD-FW-ZV6RHOVARH3BSSEF */
KUBE-POD-FW-ZV6RHOVARH3BSSEF  all  --  ip-10-42-0-6.us-east-2.compute.internal  anywhere             PHYSDEV match --physdev-is-bridged /* rule to jump traffic from POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system to chain KUBE-POD-FW-ZV6RHOVARH3BSSEF */
ACCEPT     all  --  anywhere             anywhere             /* rule to explicitly ACCEPT traffic that comply to network policies */ mark match 0x20000/0x20000

Chain KUBE-ROUTER-INPUT (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             ip-10-43-0-0.us-east-2.compute.internal/16  /* allow traffic to cluster IP - M66LPN4N3KB5HTJR */
RETURN     tcp  --  anywhere             anywhere             /* allow LOCAL TCP traffic to node ports - LR7XO7NXDBGQJD2M */ ADDRTYPE match dst-type LOCAL multiport dports 30000:32767
RETURN     udp  --  anywhere             anywhere             /* allow LOCAL UDP traffic to node ports - 76UCBPIZNGJNWNUZ */ ADDRTYPE match dst-type LOCAL multiport dports 30000:32767
KUBE-POD-FW-IMDBK7X63JBV2LAF  all  --  ip-10-42-0-2.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:coredns-96cc4f57d-xs7vb namespace: kube-system to chain KUBE-POD-FW-IMDBK7X63JBV2LAF */
KUBE-POD-FW-JBN3E22KQZTN647M  all  --  ip-10-42-0-5.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system to chain KUBE-POD-FW-JBN3E22KQZTN647M */
KUBE-POD-FW-57RNXVVWQGMRAC6D  all  --  ip-10-42-0-8.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:traefik-55fdc6d984-ntg94 namespace: kube-system to chain KUBE-POD-FW-57RNXVVWQGMRAC6D */
KUBE-POD-FW-ZT2HHOQ7USXAUNIV  all  --  ip-10-42-0-7.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:svclb-traefik-zzpq7 namespace: kube-system to chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV */
KUBE-POD-FW-ZV6RHOVARH3BSSEF  all  --  ip-10-42-0-6.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system to chain KUBE-POD-FW-ZV6RHOVARH3BSSEF */
ACCEPT     all  --  anywhere             anywhere             /* rule to explicitly ACCEPT traffic that comply to network policies */ mark match 0x20000/0x20000

Chain KUBE-ROUTER-OUTPUT (1 references)
target     prot opt source               destination         
KUBE-POD-FW-IMDBK7X63JBV2LAF  all  --  anywhere             ip-10-42-0-2.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:coredns-96cc4f57d-xs7vb namespace: kube-system to chain KUBE-POD-FW-IMDBK7X63JBV2LAF */
KUBE-POD-FW-IMDBK7X63JBV2LAF  all  --  ip-10-42-0-2.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:coredns-96cc4f57d-xs7vb namespace: kube-system to chain KUBE-POD-FW-IMDBK7X63JBV2LAF */
KUBE-POD-FW-JBN3E22KQZTN647M  all  --  anywhere             ip-10-42-0-5.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system to chain KUBE-POD-FW-JBN3E22KQZTN647M */
KUBE-POD-FW-JBN3E22KQZTN647M  all  --  ip-10-42-0-5.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:local-path-provisioner-84bb864455-vtsk4 namespace: kube-system to chain KUBE-POD-FW-JBN3E22KQZTN647M */
KUBE-POD-FW-57RNXVVWQGMRAC6D  all  --  anywhere             ip-10-42-0-8.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:traefik-55fdc6d984-ntg94 namespace: kube-system to chain KUBE-POD-FW-57RNXVVWQGMRAC6D */
KUBE-POD-FW-57RNXVVWQGMRAC6D  all  --  ip-10-42-0-8.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:traefik-55fdc6d984-ntg94 namespace: kube-system to chain KUBE-POD-FW-57RNXVVWQGMRAC6D */
KUBE-POD-FW-ZT2HHOQ7USXAUNIV  all  --  anywhere             ip-10-42-0-7.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:svclb-traefik-zzpq7 namespace: kube-system to chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV */
KUBE-POD-FW-ZT2HHOQ7USXAUNIV  all  --  ip-10-42-0-7.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:svclb-traefik-zzpq7 namespace: kube-system to chain KUBE-POD-FW-ZT2HHOQ7USXAUNIV */
KUBE-POD-FW-ZV6RHOVARH3BSSEF  all  --  anywhere             ip-10-42-0-6.us-east-2.compute.internal  /* rule to jump traffic destined to POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system to chain KUBE-POD-FW-ZV6RHOVARH3BSSEF */
KUBE-POD-FW-ZV6RHOVARH3BSSEF  all  --  ip-10-42-0-6.us-east-2.compute.internal  anywhere             /* rule to jump traffic from POD name:metrics-server-ff9dbcb6c-ckcrl namespace: kube-system to chain KUBE-POD-FW-ZV6RHOVARH3BSSEF */
ACCEPT     all  --  anywhere             anywhere             /* rule to explicitly ACCEPT traffic that comply to network policies */ mark match 0x20000/0x20000

Chain KUBE-SERVICES (2 references)
target     prot opt source               destination

AFTER $ sudo k3s-killall.sh && sudo k3s-uninstall.sh
$ sudo iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

@VestigeJ VestigeJ closed this as completed Feb 9, 2022
Development [DEPRECATED] automation moved this from To Test to Done Issue / Merged PR Feb 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VestigeJ VestigeJ

@manuelbuil manuelbuil

Labels
None yet
Projects
No open projects
Development [DEPRECATED]
Done Issue
Milestone
v1.22.6+k3s1
Development

No branches or pull requests
2 participants
@VestigeJ @manuelbuil