A GKE Cluster's Kubelet should be allowed to manage iptables
Description
It is recommended that kubelets be allowed to manage changes to iptables. This ensures that the iptables configuration remains in sync with your pods' networking configuration. Manually configuring iptables while the pod network configuration changes dynamically might hamper communication between pods/containers and with the outside world.
Choose a remediation method from below. For both steps, a restart of the Kubelet service is required afterwards.
Kubelet config file
- Add the JSON below to this file: /etc/kubernetes/kubelet/kubelet-config.json
"makeIPTablesUtilChains": true
Executable arguments
- Edit the kubelet service file on each worker node and ensure the below parameters are part of the KUBELET_ARGS variable string.
--make-iptables-util-chains=true
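Because a node can carry both the config file entry and the command-line flag, an audit has to resolve which one wins. The following is an added example, not part of the original page or of any vendor tooling: the function names are hypothetical, the inputs are constructed, and it relies on kubelet's behaviour that command-line flags override the config file and that the setting defaults to true when unset.

```python
import json
import shlex

FLAG = "--make-iptables-util-chains"
KEY = "makeIPTablesUtilChains"
# Boolean spellings accepted by Go's strconv.ParseBool, which parses flag values.
TRUE_VALUES = {"1", "t", "T", "TRUE", "true", "True"}
FALSE_VALUES = {"0", "f", "F", "FALSE", "false", "False"}


def effective_setting(config_text, kubelet_args):
    """Return (value, source) for the setting kubelet would run with.

    config_text: contents of the kubelet config JSON file ("" if absent).
    kubelet_args: the KUBELET_ARGS string from the service file.
    """
    value, source = True, "default"  # unset everywhere means true
    if config_text.strip():
        cfg = json.loads(config_text)
        if KEY in cfg:
            if not isinstance(cfg[KEY], bool):
                raise ValueError(f"{KEY} must be a JSON boolean: {cfg[KEY]!r}")
            value, source = cfg[KEY], "config"
    for tok in shlex.split(kubelet_args):
        if not tok.startswith(FLAG):
            continue
        name, sep, raw = tok.partition("=")
        if name != FLAG:  # e.g. a ':' separator, which is not valid flag syntax
            raise ValueError(f"malformed flag: {tok!r}")
        if not sep or raw in TRUE_VALUES:  # a bare boolean flag means true
            value, source = True, "flag"
        elif raw in FALSE_VALUES:
            value, source = False, "flag"
        else:
            raise ValueError(f"invalid value for {FLAG}: {raw!r}")
    return value, source


def is_compliant(config_text, kubelet_args):
    """True when kubelet is allowed to manage its iptables utility chains."""
    return effective_setting(config_text, kubelet_args)[0]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real node.
    cfg = '{"makeIPTablesUtilChains": true}'
    for args in ("--v=2", "--make-iptables-util-chains=false"):
        print(args, "->", effective_setting(cfg, args))
```

The second sample shows the case a file-only check misses: the config file is correct, but the flag in the service file turns the setting off.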