"No route to host" after initial installation #977
Comments
There shouldn't be any issues with k3s here; or at least I'm not aware of any issues presently. Is this issue still happening for you? It looks like a possible networking issue or something else funky is going on. Can the host reach Have you taken a look at the network and ensured everything looks good? |
Since I did nothing special other than installing k3s, I think the network is working fine.
The host can reach And I realized that there's no Now there are two pods and one of them failed to start with the same error.
|
What is the output of |
Here.
|
Thanks! Also, |
OK
|
Interesting that |
I'm using a VM on Oracle Cloud. And this is syslog. |
Thanks! |
I installed on a new machine. |
Thanks, nothing pops out to me from the logs, looks like it should be creating iptables entries. It looks like the network devices and route are created, but |
Sorry... I didn't use sudo when checking iptables-save... This is the output of
|
Looks like Oracle's firewall is breaking things. |
What should I do? |
Same problem, using Oracle Cloud Ubuntu
|
@erikwilson After also running into this issue I dug deeper and found the culprit. I am on CentOS7 with the following iptables default configuration:
By default this setup only allows SSH and rejects all other input and forward requests. Now when k3s starts itself the rules look like this (forward only):
As you can see, while the kubernetes forwarding rules and service portal are created properly, the flannel rules are just appended last and as such will just fail. You can find the relevant code in: Interestingly enough there is a similar rule in the KUBE-FORWARD chain:
But this one only accepts already established connections, so it won't help here. All in all I do not think that the existing firewalls are to blame here, but k3s creating its rules in the wrong place. |
Note: Just moving the rules before the REJECT doesn't seem to be enough, I have to check where else it triggers failures :( [Removing the default REJECT does fix it] |
Okay, I have got it. The default INPUT rules also drop everything, so one needs to (for instance) add:
The better option is probably to add rules to allow traffic through the cni0 interface. Either way, to summarize I can say: EDIT: Note that when I refer to 10.43 I mean flannel on my box and 10.42 is cni. |
A working iptables configuration with comments where I added rules and what they look like:
In general I think it would be good to allow INPUTs on cni0 instead of the source addr, but it illustrates the issue nicely. If you drop the added accepts the kernel will show you the rejections:
Here the pod tries to talk to the kube master on the same host but the INPUT rule forbids it. |
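The rule-ordering problem described in the comments above, as an added example that is not part of the original thread or of the k3s code base: it reads `iptables-save` output and lists rules that sit after an unconditional REJECT/DROP in the same chain and therefore never match. The sample ruleset, the 10.42.0.0/16 pod range and the function name `shadowed_rules` are constructed for illustration.

```python
import shlex

TERMINAL = {"REJECT", "DROP"}

# Constructed sample in iptables-save format (not output from the issue):
# a distro default that ends INPUT and FORWARD with a catch-all REJECT,
# followed by pod-network ACCEPT rules that were appended afterwards.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -s 10.42.0.0/16 -j ACCEPT
-A FORWARD -d 10.42.0.0/16 -j ACCEPT
COMMIT
"""

def shadowed_rules(save_text, table="filter"):
    """Map chain -> rules that sit after an unconditional REJECT/DROP."""
    current_table, closed, shadowed = None, set(), {}
    for raw in save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            current_table = line[1:]
        if current_table != table or not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        chain = tokens[1]
        if chain in closed:
            # Rules are evaluated top to bottom: nothing after the catch-all matches.
            shadowed.setdefault(chain, []).append(line)
        elif len(tokens) >= 4 and tokens[2] == "-j" and tokens[3] in TERMINAL:
            # iptables-save prints matches before -j, so "-j" directly after
            # the chain name means the rule has no match conditions.
            closed.add(chain)
    return shadowed

if __name__ == "__main__":
    for chain, rules in shadowed_rules(SAMPLE).items():
        for rule in rules:
            print(f"{chain}: never reached: {rule}")
```

On a real host, feed it the output of `sudo iptables-save`; a chain that is jumped to before the catch-all (such as KUBE-FORWARD here) can still accept traffic, so the report covers only rules in the same chain.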
I guess my issue is also connected with this: #1247 |
You're the man! This fixes it for me on CentOS 8. |
What's the proper fix for this? Edit: since I was using microk8s before, I did an iptables flush before installing k3s and it works now |
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 180 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions. |
I tried to install k3s on Ubuntu 16.04 and 18.04 and the same error happens.
I used this command to install k3s.
Version:
Describe the bug
These two pods crash with "No route to host" errors.
To Reproduce
Just install k3s with this command:
curl -sfL https://get.k3s.io | sh -
Expected behavior
k3s works fine.
Actual behavior
Two pods don't work.
I'm a beginner with Kubernetes, so there may be something overlooked...