Microk8s: Document rules needed if ufw enabled

Created on 13 Jul 2018 · 6 Comments · Source: ubuntu/microk8s

As shown by #66 and #67, if the user has ufw enabled, some rules will need to be added to allow traffic for the apiserver and DNS (maybe others?).

Let's add the necessary rules to the readme.

All 6 comments

I wonder if this problem would go away if we used the loopback interface by default (which I think we should do, see https://github.com/juju-solutions/microk8s/issues/63#issuecomment-402865403). Then maybe ufw modifications would only be required if you wanted to expose your microk8s on a different interface.

Ignore previous comment, loopback is irrelevant. Actual fix described in https://github.com/juju-solutions/microk8s/issues/67#issuecomment-404921973

I suspect we also need to run sudo ufw default allow routed in order to enable IP forwarding. I have ufw enabled on a host and while I could ping and DNS resolve between containers, many things couldn't reach the outside world and had spotty connectivity to each other that was tricky to diagnose. Adding the above resolved it.
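
A way to check the setting discussed in the comment above, as an added example that is not part of the original thread or the MicroK8s project: it reads the `Default:` line of `ufw status verbose` and reports the policy for routed (forwarded) traffic. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ufw's default policy for routed (forwarded) traffic.
# Function names are hypothetical; the sample outputs below are constructed.

# Print the routed policy (allow, deny, reject or disabled) found in
# `ufw status verbose` text supplied on stdin.
ufw_routed_policy() {
    sed -n 's/^Default:.*[ ,]\([a-z]*\) (routed).*$/\1/p' | head -n 1
}

# Return 0 if forwarded traffic is allowed by default, 1 if it is not,
# 2 if no Default line was found (ufw inactive or unexpected output).
routed_ok() {
    policy=$(ufw_routed_policy)
    case "$policy" in
        allow)
            echo "routed=allow: forwarded traffic is permitted by default"
            return 0 ;;
        deny|reject|disabled)
            echo "routed=$policy: forwarded container traffic is blocked by default"
            return 1 ;;
        *)
            echo "no Default line found: ufw inactive or output not recognised"
            return 2 ;;
    esac
}

# Constructed sample: typical output before the change.
SAMPLE_DENY='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip'

# Constructed sample: output after `sudo ufw default allow routed`.
SAMPLE_ALLOW='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip'

printf '%s\n' "$SAMPLE_DENY"  | routed_ok || true
printf '%s\n' "$SAMPLE_ALLOW" | routed_ok || true

# On a real host: sudo ufw status verbose | routed_ok
```

The routed default applies to all forwarded traffic on the host, not only to traffic from the MicroK8s containers, so it is worth re-checking after any firewall change.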

@davefinster Awesome, thanks for that tip. Will add that to the troubleshooting section.

@davefinster FWIW, I think we came to the same conclusion here: https://github.com/ubuntu/microk8s/issues/75#issuecomment-407357469

Readme was updated by #77.
