Comments (4)
I get the same error after creating a new cluster with k3d. My host OS is RHEL 8.5. I think it is related to the fact that RHEL 8.5 only supports nftables, but the klipper-lb docker image has iptables symlinked to the legacy version.
Relevant versions of things:
- Red Hat Enterprise Linux release 8.5 (Ootpa)
- Docker version 20.10.14, build a224086
- k3d version v5.4.1
- k3s version v1.22.7-k3s1 (default)
My workaround was to recreate the rancher/klipper-lb:vb0.3.4 image with this Dockerfile:
FROM rancher/klipper-lb:v0.3.4
# Use nftables iptables not legacy
RUN \
ln -sf /sbin/xtables-nft-multi /sbin/iptables && \
ln -sf /sbin/xtables-nft-multi /sbin/iptables-save && \
ln -sf /sbin/xtables-nft-multi /sbin/iptables-restore
CMD ["entry"]
Then I used k3d image import to inject this new image into the cluster. Eventually kubernetes will use the new image to restart the failed svclb-traefik-xxxxx pod.
It's a hack, but it gets ingress working on my system.
from klipper-lb.
Name: svclb-traefik-wqjjt
Namespace: kube-system
Priority: 0
Node: <none>
Labels: app=svclb-traefik
controller-revision-hash=f4f897b4f
pod-template-generation=1
svccontroller.k3s.cattle.io/svcname=traefik
Annotations: <none>
Status: Pending
IP:
IPs: <none>
Controlled By: DaemonSet/svclb-traefik
Containers:
lb-port-80:
Image: rancher/klipper-lb:v0.3.4
Port: 80/TCP
Host Port: 80/TCP
Environment:
SRC_PORT: 80
DEST_PROTO: TCP
DEST_PORT: 80
DEST_IPS: 10.43.184.59
Mounts: <none>
lb-port-443:
Image: rancher/klipper-lb:v0.3.4
Port: 443/TCP
Host Port: 443/TCP
Environment:
SRC_PORT: 443
DEST_PROTO: TCP
DEST_PORT: 443
DEST_IPS: 10.43.184.59
Mounts: <none>
Conditions:
Type Status
PodScheduled False
Volumes: <none>
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: CriticalAddonsOnly op=Exists
node-role.kubernetes.io/control-plane:NoSchedule op=Exists
node-role.kubernetes.io/master:NoSchedule op=Exists
node.kubernetes.io/disk-pressure:NoSchedule op=Exists
node.kubernetes.io/memory-pressure:NoSchedule op=Exists
node.kubernetes.io/not-ready:NoExecute op=Exists
node.kubernetes.io/pid-pressure:NoSchedule op=Exists
node.kubernetes.io/unreachable:NoExecute op=Exists
node.kubernetes.io/unschedulable:NoSchedule op=Exists
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 5m44s default-scheduler 0/1 nodes are available: 1 node(s) didn't have free ports for the requested pod ports.
Warning FailedScheduling 4m32s default-scheduler 0/1 nodes are available: 1 node(s) didn't have free ports for the requested pod ports.
from klipper-lb.
Check this out for a quick fix:
To solve the problem properly (rather than use this ad-hoc fix), I would suggest rewriting check_iptables_mode() to use grep inside of the /sbin directory, rather than trying to use lsmod / modprobe
from klipper-lb.
It has been now over a year and this issue has still not been fixed? There are more and more nft-based systems and this is really annoying... In particular, with 0.4.3:
+ info 'legacy mode detected'
+ echo '[INFO] ' 'legacy mode detected'
+ set_legacy
+ ln -sf /sbin/xtables-legacy-multi /sbin/iptables
[INFO] legacy mode detected
+ ln -sf /sbin/xtables-legacy-multi /sbin/iptables-save
+ ln -sf /sbin/xtables-legacy-multi /sbin/iptables-restore
+ ln -sf /sbin/xtables-legacy-multi /sbin/ip6tables
+ start_proxy
+ echo 0.0.0.0/0
+ grep -Eq :
+ iptables -t filter -I FORWARD -s 0.0.0.0/0 -p TCP --dport 80 -j ACCEPT
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
This is current (5.5.1) k3d using klipper-lb:v0.4.3 on Oracle Linux Server 8.7 (RHEL 8.7 binary compatible).
Host is running iptables v1.8.4 (nf_tables) with the following packages installed:
iptables-1.8.4-23.0.1.el8.x86_64
nftables-0.9.3-26.el8.x86_64
iptables-ebtables-1.8.4-23.0.1.el8.x86_64
python3-nftables-0.9.3-26.el8.x86_64
iptables-libs-1.8.4-23.0.1.el8.x86_64
Proposed change to the detection would be to replace
lsmod | grep "nf_tables"
with
lsmod | grep "nf_conntrack"
as this is what lsmod output looks like on this system after grepping for "nf_":
#5 0.220 nf_conntrack_netlink 45056 0
#5 0.220 nf_reject_ipv4 16384 1 ipt_REJECT
#5 0.220 nf_nat 45056 3 xt_nat,xt_MASQUERADE,nft_chain_nat
#5 0.220 nf_conntrack 147456 5 nf_conntrack_netlink,xt_nat,xt_conntrack,xt_MASQUERADE,nf_nat
#5 0.220 nf_defrag_ipv6 24576 1 nf_conntrack
#5 0.220 nf_defrag_ipv4 16384 1 nf_conntrack
#5 0.220 libcrc32c 16384 3 nf_nat,nf_conntrack,xfs
from klipper-lb.
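Added example, not part of the comments above and not klipper-lb's own code: it runs the `lsmod | grep nf_tables` heuristic over the lsmod lines quoted in the last comment (a constructed sample, build-log prefix stripped) and sets it beside a probe that keeps the first backend able to list the filter table. The function names, the `name=command` argument form and the probe order are assumptions.

```shell
#!/bin/sh
# Constructed sample: the lsmod lines from the comment, "#5 0.220" prefix removed.
SAMPLE_LSMOD='nf_conntrack_netlink 45056 0
nf_reject_ipv4 16384 1 ipt_REJECT
nf_nat 45056 3 xt_nat,xt_MASQUERADE,nft_chain_nat
nf_conntrack 147456 5 nf_conntrack_netlink,xt_nat,xt_conntrack,xt_MASQUERADE,nf_nat
nf_defrag_ipv6 24576 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 3 nf_nat,nf_conntrack,xfs'

# Heuristic under discussion: report nft only if the lsmod text mentions
# nf_tables. Reads lsmod output on stdin, prints "nft" or "legacy".
mode_from_lsmod() {
    if grep -q 'nf_tables'; then echo nft; else echo legacy; fi
}

# Probe (hypothetical helper): try a read-only listing of the filter table with
# each candidate backend and print the name of the first one that exits 0.
# Arguments are "name=command" pairs so stubs can stand in for real binaries.
# The listing can itself trigger kernel module autoload where that is allowed.
probe_backend() {
    for pair in "$@"; do
        name=${pair%%=*}
        cmd=${pair#*=}
        # $cmd is left unquoted on purpose: it may be "binary subcommand".
        if $cmd -t filter -L -n >/dev/null 2>&1; then
            echo "$name"
            return 0
        fi
    done
    echo none
    return 1
}

# On the sample, the heuristic prints "legacy" although the host runs
# iptables v1.8.4 (nf_tables), matching the 'legacy mode detected' trace.
printf '%s\n' "$SAMPLE_LSMOD" | mode_from_lsmod

# Inside the image the probe would be called with the multi-call binaries
# that the Dockerfile and the trace above symlink, for example:
#   probe_backend nft="/sbin/xtables-nft-multi iptables" \
#                 legacy="/sbin/xtables-legacy-multi iptables"
```

The probe needs the same privileges as the later `iptables -I` call, so it fails in the same way the real rule insertion would and never selects a backend that cannot open the table.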