Running microk8s with ufw enabled

cmars · March 18, 2019, 3:32pm

Is it possible to get microk8s working on a system where ufw is enabled? I’ve found that the hostpath provisioner and kube-dns pods are unable to run unless I disable it; they get stuck in CrashLoopBackoff with errors like:

F0318 15:26:22.847440 1 hostpath-provisioner.go:162] Error getting server version: Get https://10.152.183.1:443/version: dial tcp 10.152.183.1:443: i/o timeout

What subnets do I need to allow in order to get this to work with firewalls enabled, and how can I find them? I don’t really want to expose a development cluster like microk8s to all network interfaces.

cmars · March 18, 2019, 7:49pm

Update: Allowing cbr0 per the FAQ[0] seemed to fix this!

[0] https://microk8s.io/docs/#my-dns-and-dashboard-pods-are-crashlooping

kjackal · March 19, 2019, 9:10am

Hi @cmars,

In the upcoming v1.14 release of MicroK8s we have reviewed the ports we leave open, have a look at https://github.com/ubuntu/microk8s/blob/feature/containerd-access/docs/ports.md . You can also give the new release a test drive with

sudo snap install microk8s --classic --channel=1.14/beta

Note that you will still need to allow packet forwarding on cb0

Topic	Replies	Views
MicroK8s Ports microk8s security , network , microk8s	35	July 18, 2024
Can't view Microk8s pod in firefox in Linux host. Firewall issue? microk8s	478	January 2, 2022
MicroK8s v1.18 released! microk8s	2303	March 26, 2020
MicroK8s v1.17 released! microk8s	1130	December 11, 2019
MicroK8s v1.15 released! Announcements	1354	June 21, 2019

Running microk8s with ufw enabled

Related topics