Running microk8s with ufw enabled


Is it possible to get microk8s working on a system where ufw is enabled? I’ve found that the hostpath provisioner and kube-dns pods are unable to run unless I disable it; they get stuck in CrashLoopBackOff with errors like:

F0318 15:26:22.847440 1 hostpath-provisioner.go:162] Error getting server version: Get dial tcp i/o timeout

What subnets do I need to allow in order to get this to work with firewalls enabled, and how can I find them? I don’t really want to expose a development cluster like microk8s to all network interfaces.



Update: Allowing cbr0 per the FAQ[0] seemed to fix this!




Hi @cmars,

In the upcoming v1.14 release of MicroK8s we have reviewed the ports we leave open, have a look at . You can also give the new release a test drive with

sudo snap install microk8s --classic --channel=1.14/beta

Note that you will still need to allow packet forwarding on cb0.

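A check for the fix discussed in this thread, as an added example that is not part of the original posts: it reads `ufw status verbose` text and reports which of the bridge rules (in, out, routed) are still missing. The sample status text is constructed, the function name is hypothetical, and the ufw commands in the comments are the usual way to add each rule, not quoted from the thread.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output for the rules MicroK8s
# needs on its bridge interface (cbr0, the name used in this thread).
# On a real host: sudo ufw status verbose | check_ufw_bridge cbr0

# Constructed sample: ufw active, nothing opened for the bridge.
SAMPLE_BLOCKED='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

# Constructed sample: bridge allowed in both directions, routing allowed.
SAMPLE_FIXED='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
Anywhere on cbr0           ALLOW IN    Anywhere
Anywhere                   ALLOW OUT   Anywhere on cbr0'

check_ufw_bridge() {
    _iface="${1:-cbr0}"; _status="$(cat)"; _missing=""
    # Inbound on the bridge only: sudo ufw allow in on cbr0
    printf '%s\n' "$_status" |
        grep -Eq "^Anywhere on ${_iface}[[:space:]]+ALLOW IN[[:space:]]" ||
        _missing="$_missing in:$_iface"
    # Outbound on the bridge only: sudo ufw allow out on cbr0
    printf '%s\n' "$_status" |
        grep -Eq "ALLOW OUT[[:space:]]+Anywhere on ${_iface}([[:space:]]|\$)" ||
        _missing="$_missing out:$_iface"
    # Packet forwarding: sudo ufw default allow routed
    # (assumption: only the default policy is checked, not `ufw route` rules)
    printf '%s\n' "$_status" | grep -Eq '^Default:.*allow \(routed\)' ||
        _missing="$_missing routed"
    if [ -n "$_missing" ]; then echo "missing:$_missing"; return 1; fi
    echo "ok"
}

printf '%s\n' "$SAMPLE_BLOCKED" | check_ufw_bridge cbr0 || true
printf '%s\n' "$SAMPLE_FIXED" | check_ufw_bridge cbr0
```

Scoping the allow rules to the bridge interface keeps the cluster off the host's other interfaces, which is the concern raised in the question.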