Can't install Kubernetes on Vagrant

Question

Use this guide to install Kubernetes on Vagrant cluster:

https://kubernetes.io/docs/getting-started-guides/kubeadm/

At (2/4) Initializing your master, there came some errors:

[root@localhost ~]# kubeadm init
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.4
[init] Using Authorization mode: RBAC
[preflight] Running pre-flight checks
[preflight] Some fatal errors occurred:
    /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`

I checked the /proc/sys/net/bridge/bridge-nf-call-iptables file content, there is only one 0 in it.

At (3/4) Installing a pod network, I downloaded kube-flannel file:

https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

And run kubectl apply -f kube-flannel.yml, got error:

[root@localhost ~]# kubectl apply -f kube-flannel.yml
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Until here, I don't know how to goon.

My Vagrantfile:

  # Master Server
  config.vm.define "master", primary: true do |master|
    master.vm.network :private_network, ip: "192.168.33.200"
    master.vm.network :forwarded_port, guest: 22, host: 1234, id: 'ssh'
  end

Answer 1

In order to set /proc/sys/net/bridge/bridge-nf-call-iptables by editing /etc/sysctl.conf. There you can add [1]

net.bridge.bridge-nf-call-iptables = 1

Then execute

sudo sysctl -p

And the changes will be applied. With this the pre-flight check should pass.

---

[1] http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

Answer 2

Update @2019/09/02

Sometimes modprobe br_netfilter is unreliable, you may need to redo it after relogin, so use the following instead when on a systemd sytem:

echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
systemctl restart systemd-modules-load.service
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables

---

YES, the accepted answer is right, but I faced with

cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

So I did

modprobe br_netfilter

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
sudo sysctl -p

Then solved.

Answer 3

On Ubuntu 16.04 I just had to:

modprobe br_netfilter

Default value in /proc/sys/net/bridge/bridge-nf-call-iptables is already 1.

Then I added br_netfilter to /etc/modules to load the module automatically on next boot.

Answer 4

As mentioned in K8s docs - Installing kubeadm under the Letting iptables see bridged traffic section:

Make sure that the br_netfilter module is loaded. This can be done by running lsmod | grep br_netfilter.
To load it explicitly call sudo modprobe br_netfilter.

As a requirement for your Linux Node's iptables to correctly see bridged traffic, you should ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config, e.g.

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

---

Regardng the preflight erros - you can see in Kubeadm Implementation details under the preflight-checks:

Kubeadm executes a set of preflight checks before starting the init, with the aim to verify preconditions and avoid common cluster startup problems..

The following missing configurations will produce errors:

.
.
if /proc/sys/net/bridge/bridge-nf-call-iptables file does not exist/does not contain 1

if advertise address is ipv6 and /proc/sys/net/bridge/bridge-nf-call-ip6tables does not exist/does not contain 1.

if swap is on
.
.

Answer 5

The one-liner way:

sysctl net.bridge.bridge-nf-call-iptables=1