Changing the pods CIDR in a MicroK8s cluster

I was installing MicroK8s inside a customer datacenter which uses the 10.1 space internally and was running into some conflicts accessing other services in the datacenter, so I wanted to move the pod CIDR to 10.2.

I followed these instructions without a hitch, but my pods lost all connectivity beyond the node. I found legacy and non-legacy iptables FORWARD rules which seem to have been installed with MicroK8s like this:

iptables -A FORWARD -s 10.1.0.0/16 -m comment --comment "generated for MicroK8s pods" -j ACCEPT
iptables -A FORWARD -d 10.1.0.0/16 -m comment --comment "generated for MicroK8s pods" -j ACCEPT
iptables-legacy -A FORWARD -s 10.1.0.0/16 -m comment --comment "generated for MicroK8s pods" -j ACCEPT
iptables-legacy -A FORWARD -d 10.1.0.0/16 -m comment --comment "generated for MicroK8s pods" -j ACCEPT

These were no longer needed (contributing to the conflicts) and 10.2 rules were needed instead to restore egress from the pods. I deleted the rules by rule number and added them back for 10.2 with my own comments, and got everything working fine, but I'm vaguely worried whatever installed these will someday come to reinstall them.

I feel like this documentation page should at least include a heads-up about needing to modify these rules to effect a CIDR change, if they came in with MicroK8s somewhere - and some instruction (which I do not know) as to how to avoid the issue or correct it at its root.
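
The rule swap described in the post, as an added example (not part of the original post and not MicroK8s tooling): a shell helper that reads `iptables -S FORWARD` output, prints the delete and re-add commands for the tagged pod rules, and counts tagged rules that still reference the old CIDR, which is how a reinstall would show up. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan a pod-CIDR change for the MicroK8s FORWARD rules.
# Both functions read `iptables -S FORWARD` style text on stdin and only
# print; nothing here touches the live ruleset.
TAG='generated for MicroK8s pods'

# migrate_pod_rules BIN OLD_CIDR NEW_CIDR
# For each tagged rule matching OLD_CIDR with -s or -d, print a delete by
# full rule spec (not by rule number) and the same rule for NEW_CIDR.
migrate_pod_rules() {
    awk -v bin="$1" -v old="$2" -v new="$3" -v tag="$TAG" '
        $1 == "-A" && $2 == "FORWARD" && index($0, tag) {
            for (i = 3; i < NF; i++)
                if (($i == "-s" || $i == "-d") && $(i + 1) == old) {
                    del = $0; sub(/^-A/, "-D", del)
                    $(i + 1) = new          # rewrites $0 with the new CIDR
                    print bin " " del
                    print bin " " $0
                    next
                }
        }'
}

# count_stale_rules OLD_CIDR
# Print how many tagged rules still reference OLD_CIDR; non-zero after the
# migration means something put the original rules back.
count_stale_rules() {
    awk -v old="$1" -v tag="$TAG" '
        $1 == "-A" && index($0, tag) {
            for (i = 3; i < NF; i++)
                if (($i == "-s" || $i == "-d") && $(i + 1) == old) { n++; break }
        }
        END { print n + 0 }'
}

# Constructed sample input, modelled on the rules quoted in the post.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -s 10.1.0.0/16 -m comment --comment "generated for MicroK8s pods" -j ACCEPT
-A FORWARD -d 10.1.0.0/16 -m comment --comment "generated for MicroK8s pods" -j ACCEPT
-A FORWARD -s 10.2.0.0/16 -m comment --comment "my own 10.2 rule" -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | migrate_pod_rules iptables 10.1.0.0/16 10.2.0.0/16
printf '%s\n' "$SAMPLE_RULES" | count_stale_rules 10.1.0.0/16
# On a node (assumed usage), feed it the real rules and review the output:
#   iptables -S FORWARD        | migrate_pod_rules iptables        10.1.0.0/16 10.2.0.0/16
#   iptables-legacy -S FORWARD | migrate_pod_rules iptables-legacy 10.1.0.0/16 10.2.0.0/16
```

Deleting by full rule spec avoids the renumbering that happens when rules are removed by position, and running `count_stale_rules` after upgrades or restarts shows whether the 10.1 rules have come back.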