Running microk8s with ufw enabled

Is it possible to get microk8s working on a system where ufw is enabled? I’ve found that the hostpath provisioner and kube-dns pods are unable to run unless I disable it; they get stuck in CrashLoopBackOff with errors like:

F0318 15:26:22.847440 1 hostpath-provisioner.go:162] Error getting server version: Get https://10.152.183.1:443/version: dial tcp 10.152.183.1:443: i/o timeout

What subnets do I need to allow in order to get this to work with firewalls enabled, and how can I find them? I don’t really want to expose a development cluster like microk8s to all network interfaces.

Update: Allowing cbr0 per the FAQ[0] seemed to fix this!

[0] https://microk8s.io/docs/#my-dns-and-dashboard-pods-are-crashlooping


Hi @cmars,

In the upcoming v1.14 release of MicroK8s we have reviewed the ports we leave open; have a look at https://github.com/ubuntu/microk8s/blob/feature/containerd-access/docs/ports.md . You can also give the new release a test drive with:

sudo snap install microk8s --classic --channel=1.14/beta

Note that you will still need to allow packet forwarding on cb0.

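A way to check the firewall state this thread discusses, as an added example that is not from either poster or from the MicroK8s project: the function reads `ufw status verbose` output and reports whether traffic on the bridge interface is allowed in, out and forwarded. The sample inputs are constructed, the interface name is a parameter (`cbr0` is the name used in the first post), and the check is coarse: it ignores rule ordering and address restrictions.

```shell
#!/bin/sh
# Added example. Real use: sudo ufw status verbose | ufw_bridge_audit cbr0
# A direction passes if the default policy is "allow" or an explicit ALLOW
# rule names the interface. Exit: 0 ok, 1 gaps found, 2 ufw inactive.
ufw_bridge_audit() {
    awk -v ifc="$1" '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ {   # "Default: deny (incoming), allow (outgoing), deny (routed)"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^\((incoming|outgoing|routed)\),?$/) {
                    d = $i; gsub(/[(),]/, "", d); def[d] = $(i - 1)
                }
        }
        { line = $0 " " }
        index(line, " on " ifc " ") {   # rule rows that name the interface
            if (index(line, " ALLOW IN "))  seen["IN"]  = 1
            if (index(line, " ALLOW OUT ")) seen["OUT"] = 1
            if (index(line, " ALLOW FWD ")) seen["FWD"] = 1
        }
        END {
            if (!active) { print "ufw is not active"; exit 2 }
            n = split("incoming:IN outgoing:OUT routed:FWD", pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], p, ":")
                if (def[p[1]] == "allow" || seen[p[2]])
                    print "ok:      " p[1] " traffic on " ifc
                else { print "blocked: " p[1] " traffic on " ifc; bad = 1 }
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: ufw active with only SSH allowed (pods cannot reach the API).
sample_before() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), deny (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
EOF
}
# Constructed sample: same host after allowing and forwarding traffic on cbr0.
sample_after() {
    sample_before
    printf '%s\n' 'Anywhere on cbr0           ALLOW IN    Anywhere' \
                  'Anywhere on cbr0           ALLOW FWD   Anywhere'
}
sample_before | ufw_bridge_audit cbr0 || true
sample_after  | ufw_bridge_audit cbr0 || true
```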