Hi all,
I’m trying to deploy a single node with kubeadm, but my kube-proxy is failing to deploy iptables rules and I’m not sure what to check. I thought it was because of ipv6, but I have disabled it and still face issues.
The command I’m running to initialize the cluster is:
kubeadm init --apiserver-advertise-address 192.168.100.201 --pod-network-cidr 10.42.0.0/24 --service-cidr 10.43.0.0/24
Prior to this I’ve set ip_forward to 1 and net.bridge.bridge-nf-call-iptables to 1 as well.
Firewalld is off and selinux is set to permissive.
Cluster information:
Kubernetes version: 1.29.14
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Fedora 41 with kernel 6.11.4
CNI and version:
CRI and version: containerd v 1.7.25
Kube-Proxy error:
I0305 13:19:47.564524 1 server_others.go:72] "Using iptables proxy"
I0305 13:19:47.571209 1 server.go:1050] "Successfully retrieved node IP(s)" IPs=["192.168.100.201"]
I0305 13:19:47.574896 1 conntrack.go:58] "Setting nf_conntrack_max" nfConntrackMax=196608
I0305 13:19:47.593362 1 server.go:652] "kube-proxy running in dual-stack mode" primary ipFamily="IPv4"
I0305 13:19:47.593405 1 server_others.go:168] "Using iptables Proxier"
I0305 13:19:47.595482 1 server_others.go:512] "Detect-local-mode set to ClusterCIDR, but no cluster CIDR for family" ipFamily="IPv6"
I0305 13:19:47.595511 1 server_others.go:529] "Defaulting to no-op detect-local"
I0305 13:19:47.595532 1 proxier.go:245] "Setting route_localnet=1 to allow node-ports on localhost; to change this either disable iptables.localhostNodePorts (--iptables-localhost-nodeports) or set nodePortAddresses (--nodeport-addresses) to filter loopback addresses"
I0305 13:19:47.595801 1 server.go:865] "Version info" version="v1.29.14"
I0305 13:19:47.595830 1 server.go:867] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
I0305 13:19:47.596579 1 config.go:97] "Starting endpoint slice config controller"
I0305 13:19:47.596586 1 config.go:188] "Starting service config controller"
I0305 13:19:47.596604 1 shared_informer.go:311] Waiting for caches to sync for endpoint slice config
I0305 13:19:47.596604 1 shared_informer.go:311] Waiting for caches to sync for service config
I0305 13:19:47.596655 1 config.go:315] "Starting node config controller"
I0305 13:19:47.596673 1 shared_informer.go:311] Waiting for caches to sync for node config
I0305 13:19:47.697677 1 shared_informer.go:318] Caches are synced for node config
I0305 13:19:47.697708 1 shared_informer.go:318] Caches are synced for endpoint slice config
I0305 13:19:47.697734 1 shared_informer.go:318] Caches are synced for service config
E0305 13:19:47.819706 1 proxier.go:1525] "Failed to execute iptables-restore" err=<
    exit status 2: Warning: Extension MARK revision 0 not supported, missing kernel module?
    ip6tables-restore v1.8.9 (nf_tables): unknown option "--xor-mark"
    Error occurred at line: 17
    Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
 >
I0305 13:19:47.819744 1 proxier.go:803] "Sync failed" retryingTime="30s"
Could anyone offer some assistance? I don’t know where to look next. There seem to be some rules in iptables both in the nat and default tables.
Thanks