10
votes

I used this guide to install Kubernetes on a Vagrant cluster:

https://kubernetes.io/docs/getting-started-guides/kubeadm/

At (2/4) Initializing your master, some errors occurred:

[root@localhost ~]# kubeadm init
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.4
[init] Using Authorization mode: RBAC
[preflight] Running pre-flight checks
[preflight] Some fatal errors occurred:
    /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`

I checked the content of the /proc/sys/net/bridge/bridge-nf-call-iptables file; there is only a single 0 in it.

At (3/4) Installing a pod network, I downloaded kube-flannel file:

https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Then I ran kubectl apply -f kube-flannel.yml and got an error:

[root@localhost ~]# kubectl apply -f kube-flannel.yml
The connection to the server localhost:8080 was refused - did you specify the right host or port?

At this point, I don't know how to go on.

My Vagrantfile:

  # Master Server
  config.vm.define "master", primary: true do |master|
    master.vm.network :private_network, ip: "192.168.33.200"
    master.vm.network :forwarded_port, guest: 22, host: 1234, id: 'ssh'
  end
4
Is that the full Vagrantfile that someone could use to reproduce the issue? Specifically, it is not clear what base image you are using. Also, what other commands were run after kubeadm init? If you could clarify this in your question so it is easier to reproduce, that would be helpful. - Andy Shinn

Did you successfully install the master using kubeadm init? Did you export the location of the KUBECONFIG file as specified in the doc you mentioned? - chaitu kopparthi

@AndyShinn @chaitukopparthi kubeadm init was okay. It generated a token, too. But now the problem is that I can't join the master host from the node hosts. I created a new question here: stackoverflow.com/questions/44132179/… - cloud_cloud

4 Answers

21
votes

You can set /proc/sys/net/bridge/bridge-nf-call-iptables by editing /etc/sysctl.conf. There you can add [1]

net.bridge.bridge-nf-call-iptables = 1

Then execute

sudo sysctl -p

And the changes will be applied. With this the pre-flight check should pass.


[1] http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

15
votes

Update @2019/09/02

Sometimes modprobe br_netfilter is unreliable and you may need to redo it after relogin, so use the following instead when on a systemd system:

echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
systemctl restart systemd-modules-load.service
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables

Yes, the accepted answer is right, but I was faced with

cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

So I did

modprobe br_netfilter

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
sudo sysctl -p

Then solved.

2
votes

On Ubuntu 16.04 I just had to:

modprobe br_netfilter

Default value in /proc/sys/net/bridge/bridge-nf-call-iptables is already 1.

Then I added br_netfilter to /etc/modules to load the module automatically on next boot.

1
votes

As mentioned in K8s docs - Installing kubeadm under the Letting iptables see bridged traffic section:

Make sure that the br_netfilter module is loaded. This can be done by running lsmod | grep br_netfilter.
To load it explicitly call sudo modprobe br_netfilter.

As a requirement for your Linux Node's iptables to correctly see bridged traffic, you should ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config, e.g.

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

Regarding the preflight errors - you can see in Kubeadm Implementation details under the preflight-checks:

Kubeadm executes a set of preflight checks before starting the init, with the aim to verify preconditions and avoid common cluster startup problems.

The following missing configurations will produce errors:

.
.
if /proc/sys/net/bridge/bridge-nf-call-iptables file does not exist/does not contain 1

if advertise address is ipv6 and /proc/sys/net/bridge/bridge-nf-call-ip6tables does not exist/does not contain 1.

if swap is on
.
.
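
The preflight conditions quoted in the last answer can be checked read-only before running kubeadm init. The following is an added example, not kubeadm's own implementation and not part of any answer; the function names and the PROC_ROOT argument (a hypothetical override that lets the checks run against a constructed directory tree) are assumptions.

```shell
#!/bin/sh
# Added example: read-only re-check of the three preflight conditions quoted above.
# The first argument of preflight_bridge is a hypothetical /proc override so the
# logic can be exercised on a constructed tree; on a real node pass /proc.

# check_flag FILE -> 0 if FILE exists and its content is exactly 1
check_flag() {
    [ -r "$1" ] || { echo "FAIL: $1 does not exist (is br_netfilter loaded?)"; return 1; }
    [ "$(tr -d '[:space:]' < "$1")" = "1" ] || { echo "FAIL: $1 contents are not set to 1"; return 1; }
    echo "ok:   $1"
}

# swap_is_off SWAPS_FILE -> 0 if /proc/swaps holds only its header line
swap_is_off() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    [ "$(sed 1d "$1" | grep -c .)" -eq 0 ] || { echo "FAIL: swap is on"; return 1; }
    echo "ok:   swap is off"
}

# preflight_bridge PROC_ROOT [ipv6] -> exit status is the number of failed checks
preflight_bridge() {
    root=${1:-/proc}
    failed=0
    check_flag "$root/sys/net/bridge/bridge-nf-call-iptables" || failed=$((failed + 1))
    # The ip6tables flag only matters when the advertise address is IPv6.
    if [ "${2:-}" = "ipv6" ]; then
        check_flag "$root/sys/net/bridge/bridge-nf-call-ip6tables" || failed=$((failed + 1))
    fi
    swap_is_off "$root/swaps" || failed=$((failed + 1))
    return "$failed"
}
```

On a node, preflight_bridge /proc (add ipv6 when the advertise address is IPv6) needs no root and changes nothing. A "does not exist" result corresponds to the "cannot stat" error in the second answer, where br_netfilter had not been loaded.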