Add ufw to known issues

Addresses k3s-io/k3s#2059 by adding information on the modifications needed to run k3s with ufw enabled
t0xicCode · Oct 4, 2020 · f76116c · f76116c
1 parent 94f8ec5
commit f76116c
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/content/k3s/latest/en/known-issues/_index.md b/content/k3s/latest/en/known-issues/_index.md
@@ -15,3 +15,12 @@ If you are running iptables in nftables mode instead of legacy you might encount
 **RootlessKit**
 
 Running K3s with RootlessKit is experimental and has several [known issues.]({{<baseurl>}}/k3s/latest/en/advanced/#known-issues-with-rootlesskit)
+
+**Ufw**
+
+UFW firewall rules are evaluated prior to the kube-proxy rules, so traffic to cluster services can be blocked. Traffic from the service and pod networks should be allowed in ufw to ensure that the kube-proxy rules are evaluated. Given the default values, the following will allow traffic from those network through the ufw portion, before reaching the kube-proxy rules.
+
+```
+sudo ufw allow from 10.42.0.0/16 to any
+sudo ufw allow from 10.43.0.0/16 to any
+```