From 65230c56dc42920ed854c40208de6d55da60ba0b Mon Sep 17 00:00:00 2001 From: Xavier L Date: Sun, 4 Oct 2020 11:41:47 -0400 Subject: [PATCH] Add ufw to known issues Addresses rancher/k3s#2059 by adding information on the modifications needed to run k3s with ufw enabled Signed-off-by: t0xicCode --- content/k3s/latest/en/known-issues/_index.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/content/k3s/latest/en/known-issues/_index.md b/content/k3s/latest/en/known-issues/_index.md index 8107e8a745..86991f2127 100644 --- a/content/k3s/latest/en/known-issues/_index.md +++ b/content/k3s/latest/en/known-issues/_index.md @@ -15,3 +15,12 @@ If you are running iptables in nftables mode instead of legacy you might encount **RootlessKit** Running K3s with RootlessKit is experimental and has several [known issues.]({{}}/k3s/latest/en/advanced/#known-issues-with-rootlesskit) + +**Ufw** + +UFW firewall rules are evaluated prior to the kube-proxy rules, so traffic to cluster services can be blocked. Traffic from the service and pod networks should be allowed in ufw to ensure that the kube-proxy rules are evaluated. Given the default values, the following will allow traffic from those network through the ufw portion, before reaching the kube-proxy rules. + +``` +sudo ufw allow from 10.42.0.0/16 to any +sudo ufw allow from 10.43.0.0/16 to any +```
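Review bot: In the added Ufw paragraph, the two `sudo ufw allow from ... to any` commands do not say which range is the pod network and which is the service network, and "Given the default values" does not name the settings those defaults belong to. Suggest stating that 10.42.0.0/16 is the default pod CIDR (`--cluster-cidr`) and 10.43.0.0/16 is the default service CIDR (`--service-cidr`), so that readers who changed either value know which rule to adjust. Because `to any` admits traffic from those ranges to every port and address on the host, the text should also say that the rules are intentionally broad and treat anything sourced from the pod and service ranges as trusted. Minor: "from those network" should read "from those networks", and the heading "Ufw" does not match the "UFW" and "ufw" spellings used in the body, so pick one casing.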