iptables wrapper entrypoint isn't executable
The iptables wrapper entrypoint isn't executable and therefore we get a complaint from kube-proxy that it cannot be found on $PATH:
Error checking iptables version, assuming version at least 1.4.11: executable file not found in $PATH
...
...
E0821 12:17:29.629224 1 proxier.go:1876] Failed to execute iptables-save, syncing all rules: executable file not found in $PATH
E0821 12:17:29.629266 1 proxier.go:1876] Failed to execute iptables-save, syncing all rules: executable file not found in $PATH
E0821 12:17:29.629311 1 proxier.go:1842] Failed to ensure that nat chain KUBE-SERVICES exists: error creating chain "KUBE-SERVICES": executable file not found in $PATH:
E0821 12:17:29.694680 1 proxier.go:1562] Failed to execute iptables-restore: executable file not found in $PATH ()
From within the container we have:
update-alternatives --list
...
ip6tables auto /usr/sbin/iptables-wrapper
iptables auto /usr/sbin/iptables-wrapper
but its not executable:
-rw-r--r--. 1 root root 1682 Jul 31 17:50 /usr/sbin/iptables-wrapper
if i manually intervene and add execute permissions, now i can run iptables and it will get to the wrapper.
Edited by jperez2