kube-proxy fails to create iptables routing
Summary
After installation with kubeadm, the kube-proxy container cannot create iptables routing rules.
Steps to reproduce
Run kubeadm init to create a new kubernetes cluster with this image.
What is the current bug behavior?
The kube-proxy container reports the following in it's logs: Could not set up iptables canary mangle/KUBE-PROXY-CANARY: error creating chain "KUBE-PROXY-CANARY": executable file not found in $PATH:
What is the expected correct behavior?
iptables routing rules can be created for internal cluster traffic
Relevant logs and/or screenshots
Running docker run -ti 2beccc4ec9da /bin/bash
and subsiquently iptables
reports: /usr/sbin/iptables: Permission denied
tracing the iptables binary I see, /usr/sbin/iptables -> /etc/alternatives/iptables -> /usr/sbin/iptables-wrapper
I noticed that the file permissions for the wrapper are as follows:
-rw-rw-rw-. 1 root root 89 Nov 24 19:26 /usr/sbin/iptables-wrapper
Possible fixes
Running chmod +x /usr/sbin/iptables-wrapper
changes the error to the following in some cases:
/usr/sbin/iptables-legacy has not been configured as an alternative for iptables
My most recent try resulted in the iptables command not reporting anything regardless of input.
Defintion of Done
-
Bug has been identified and corrected within the container
/cc @ironbank-notifications/bug