
Background:
In our environment, iptables' nat module is disabled, so I must use '-b=none --iptables=false' to start the Docker daemon and always add '--net host' when using the 'docker run' command.

The same problem arises when using Kubernetes. When I try to start the 'kube-proxy' service, I get an error:

> F0822 14:32:49.065506   29630 server.go:101] Unable to create proxer:
> failed to initialize iptables: error creating chain
> "KUBE-PORTALS-CONTAINER": exit status 3: iptables v1.4.21: can't
> initialize iptables table `nat': Table does not exist (do you need to
> insmod?) Perhaps iptables or your kernel needs to be upgraded.

Is there a way to bypass this?

cizixs
discover

1 Answer


Kube-proxy makes heavy use of iptables, even in userspace mode. I'm afraid you won't be able to run a Kubernetes node on a machine where iptables is disabled completely.

Antoine Cotten
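
A preflight check for the condition behind the error in the question, written as an added example that is not part of the original posts or of Kubernetes itself. It assumes legacy iptables (as in the quoted `iptables v1.4.21`), where the kernel lists registered tables in `/proc/net/ip_tables_names`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide before starting kube-proxy whether the iptables
# `nat` table it needs is registered with the kernel.

# table_registered TABLE [FILE]
# FILE has the format of /proc/net/ip_tables_names: one table name per line.
# Returns 0 if TABLE is listed, 1 if not, 2 if FILE cannot be read.
table_registered() {
    table=$1
    names_file=${2:-/proc/net/ip_tables_names}
    [ -r "$names_file" ] || return 2
    # -x matches whole lines only, so "nat" does not match "natx"
    grep -qx -- "$table" "$names_file"
}

# nat_preflight [FILE]
# Prints a verdict; returns 0 only when the nat table is registered.
nat_preflight() {
    names_file=${1:-/proc/net/ip_tables_names}
    rc=0
    table_registered nat "$names_file" || rc=$?
    case $rc in
        0) echo "OK: nat table is registered"; return 0 ;;
        2) echo "UNKNOWN: cannot read $names_file"; return 2 ;;
    esac
    # Table absent: tell "module present but not loaded" apart from
    # "module not available for this kernel at all".
    if command -v modinfo >/dev/null 2>&1 &&
       modinfo iptable_nat >/dev/null 2>&1; then
        echo "MISSING: nat not registered; iptable_nat exists but is not loaded"
    else
        echo "MISSING: nat not registered; iptable_nat not found for this kernel"
    fi
    return 1
}
```

Calling `nat_preflight` with no argument reads the live `/proc/net/ip_tables_names`; a non-zero return means kube-proxy would hit the same "can't initialize iptables table `nat'" failure.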