-
-
Notifications
You must be signed in to change notification settings - Fork 520
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
netbird 0.32.0 breaks K3s 1.32.2+k3s1 with flannel due to iptables conflicts #2926
Comments
BTW: This is a long-standing problem, I just had no time to report it earlier. |
Hi @christian-schlichtherle, can you post your iptables/nftables before and after your workaround?
You might need to install |
@lixmal I have run these commands. Unfortunately, the output reveals too much sensitive information to share it here, but in order to have a meaningful diff, I processed the output as follows:
This results in a bunch of Another mistake I have done in my original posting is to say that a restart of the netbird service breaks Summing it up, a restart of the netbird service does break flannel, although the information given in my original posting is not exactly correct. I hope this information helps to reproduce the issue. |
Describe the problem
We're operating an IoT project where some K3s nodes are placed at customer premises. So we are installing Netbird 0.32.0 on each node first and then install K3s v1.32.2+k3s1 using flannel next. When installing k3s, we are providing
flannel-iface=wt0
to tell it to use the Netbird interface for node-to-node communication.This works great to some extent but there is a problem: When the Netbird service starts, it sets up its iptables rules. Also, flannel sets up its iptables rules. However, there seem to be conflicts in those rules, resulting in communication being broken after every restart of the Netbird service, e.g. when installing an upgrade. As a workaround, I have to restart the k3s(-agent) service after every restart of the Netbird service.
Summing it up, to restart all Netbird services in the cluster, I have to do something like this:
As you can imagine, this is not a sustainable solution, just a hacky workaround.
Is this a known issue? What are my options? Wait for a fix or try another CNI like cilium?
To Reproduce
Steps to reproduce the behavior:
kubectl logs <any-pod>
anymore.Expected behavior
Not breaking the in-cluster communication by leaving flannel's iptable rules alone.
Are you using NetBird Cloud?
Yes
NetBird version
0.32.0
NetBird status -dA output:
n/a
Do you face any (non-mobile) client issues?
Yes.
Screenshots
n/a
Additional context
See above.
The text was updated successfully, but these errors were encountered: