A GKE Cluster's Kubelet should be allowed to manage iptables

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

It is recommended that kubelets be allowed to manage changes to iptables. This ensures that the iptables configuration remains in sync with your pods networking configuration. Manually configuring iptables with dynamic pod network configuration changes might hamper the communication between pods/containers and to the outside world.

Remediation

Choose a remediation method from below. For both steps, a restart of the Kubelet service is required afterwards.

Kubelet config file

  1. Add the json below to this file: /etc/kubernetes/kubelet/kubelet-config.json
"makeIPTablesUtilChains": true

Executable arguments

  1. Edit the kubelet service file on each worker node and ensure the below parameters are part of the KUBELET_ARGS variable string.
--make-iptables-util-chains:true