Currently I want to install microk8s on Ubuntu 18.04 Server with firewall-cmd as the firewall configurator. I get an error in the kubedns pod while enabling dns:
k8s.io/dns/pkg/dns/dns.go:147: Failed to list *v1.Endpoints: Get https://10.152.183.1:443/api/v1/endpoints?resourceVersion=0: dial tcp 10.152.183.1:443: getsockopt: no route to host
If I remove all rules from iptables it seems to work, but this isn't a solution at all.
Is there any advice on how I need to configure firewall-cmd? I only found instructions for ufw :/
OK, I could solve my problem. The network interface cbr0 (created after the first service deployment) needs to be added to the trusted zone:
sudo firewall-cmd --zone=trusted --add-interface=cbr0 --permanent
sudo firewall-cmd --reload
In my case, the trusted zone also needs to enable IP forwarding/masquerade. Hope it helps.
sudo firewall-cmd --zone=trusted --add-masquerade --permanent
sudo firewall-cmd --zone=trusted --add-interface=cbr0 --permanent
sudo firewall-cmd --reload
On CentOS 8 for whatever reason my bridge interface was called cni0 so it was:
sudo firewall-cmd --zone=trusted --add-masquerade --permanent
sudo firewall-cmd --zone=trusted --add-interface=cni0 --permanent
sudo firewall-cmd --reload
for me.
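The fix in this thread depends on the bridge name, which was cbr0 on Ubuntu and cni0 on CentOS 8. The script below is an added example, not code from any poster: it picks whichever of the two bridges exists and prints the matching firewall-cmd commands. The function names, the APPLY and MASQ variables and the sample `ip -o link show` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread's posters). Prints the firewall-cmd
# commands for the detected bridge; nothing is applied unless APPLY=1.

# Constructed sample of `ip -o link show` output, used for the dry run.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
5: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP
6: veth1a2b3c4d@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 master cni0 state UP'

# pick_bridge: read `ip -o link show` output on stdin and print the first
# interface named cbr0 or cni0 (the two names reported in the thread).
# Returns non-zero when neither exists, e.g. before the first deployment.
pick_bridge() {
    awk -F': ' '{ sub(/@.*/, "", $2) }
                $2 == "cbr0" || $2 == "cni0" { print $2; found = 1; exit }
                END { exit !found }'
}

# plan_rules IFACE [yes]: print the thread's commands for IFACE; a second
# argument of "yes" adds the masquerade rule. The trusted zone accepts all
# traffic, so only the pod bridge belongs in it, not the uplink interface.
plan_rules() {
    if [ "${2:-no}" = yes ]; then
        printf 'firewall-cmd --zone=trusted --add-masquerade --permanent\n'
    fi
    printf 'firewall-cmd --zone=trusted --add-interface=%s --permanent\n' "$1"
    printf 'firewall-cmd --reload\n'
}

if [ "${APPLY:-0}" = 1 ]; then
    iface=$(ip -o link show | pick_bridge) ||
        { echo "no cbr0/cni0 bridge found yet" >&2; exit 1; }
    # $cmd is split into words on purpose: each line is one command.
    plan_rules "$iface" "${MASQ:-no}" | while read -r cmd; do sudo $cmd; done
    # Check the result: this should report the trusted zone.
    sudo firewall-cmd --get-zone-of-interface="$iface"
else
    # Dry run on the constructed sample: show what would be executed.
    iface=$(printf '%s\n' "$SAMPLE_LINKS" | pick_bridge)
    plan_rules "$iface" "${MASQ:-no}"
fi
```

Run with `APPLY=1` (and `MASQ=yes` if masquerading is needed) on the host itself; without them the script only prints the plan for the sample input.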