This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

/proc/sys/net/bridge/bridge-nf-call-iptables not found #2789

Closed
cwhenderson20 opened this issue Feb 10, 2017 · 10 comments

@cwhenderson20

Hello all. I'll do my best to describe this problem, but I don't know much about Weave and am relatively new to Kubernetes in general.

I am using Weave with Kubernetes 1.5.2 (set up via kops) on Debian (AWS). The weave image is weaveworks/weave-kube:1.8.2.

I'm experiencing an issue where one of my Weave pods will not properly start and gets stuck in a CrashLoopBackOff. I am using the private topology feature of kops, so all of my main nodes and masters are in private subnets. I have also added a public subnetted instance group whose purpose is to serve as ingress nodes to route traffic to the private nodes via nginx ingress controllers.

On all of the private nodes, Weave works as expected. However, on the public node, the Weave pod crashes constantly. The only item in the log for the weave container of the Weave pod is this:

/proc/sys/net/bridge/bridge-nf-call-iptables not found

I'm not sure what other detail to include, so if there is anything specific that would help debug this, please let me know and I will provide as much as possible.

@brb
Contributor

brb commented Feb 10, 2017

@cwhenderson20 The newest Weave Net release (1.9.0) made /proc/sys/net/bridge/bridge-nf-call-iptables optional (see #2581), so upgrading Weave should fix your problem.

Any idea why /proc/sys/net/bridge/bridge-nf-call-iptables is not available on your public instance?

@cwhenderson20
Author

@brb I'm using kops to set up Kubernetes, so upgrading weave isn't trivial. Fortunately, destroying and recreating the node seemed to fix the issue, but I have no clue as to why. Feel free to close this issue if you don't believe it warrants further investigation.

Thanks!

@brb
Contributor

brb commented Feb 16, 2017

Thanks for letting us know.

@brb
Contributor

brb commented Feb 17, 2017

@chrislovecnm Any idea why /proc/sys/net/bridge/bridge-nf-call-iptables is not available?

@chrislovecnm

Have not seen this behavior. How are those bridge components created?

What OS is being used?

@cwhenderson20
Author

@chrislovecnm kops set it up automatically when I chose weave as the cni plugin. It's also using the standard kops OS, so Debian Jessie I believe.

@chrislovecnm

@brb is that a kernel option that was missed?

@bboreham
Contributor

@chrislovecnm we are aware of one scenario where this file (sysctl) is not present; it is described in #2726. But there could be another reason, hence #2789 (comment)

@brb
Contributor

brb commented Feb 23, 2017

@chrislovecnm /proc/sys/net/bridge/bridge-nf-call-iptables is exported by the br_netfilter kernel module.

I am closing this issue. If you find more information / evidence, please re-open the issue. Thanks.

brb closed this as completed Feb 23, 2017
brb added this to the n/a milestone Feb 23, 2017

@xingjinglu

br_netfilter

@brb Your advice worked. Thanks.

modprobe br_netfilter
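
Added example, not part of the thread and not Weave Net or kops code: a node preflight that distinguishes the cases discussed above (sysctl present and enabled, present but disabled, or missing with or without br_netfilter loaded) and maps each to an action. The function names and the optional proc-root argument are hypothetical, introduced so the check can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Preflight for /proc/sys/net/bridge/bridge-nf-call-iptables.
# $1 (hypothetical override) is the proc root; defaults to /proc on a real node.

# Prints one of: ok | disabled | missing-module-loaded | missing-module-absent
bridge_nf_status() {
    proc_root="${1:-/proc}"
    sysctl_file="$proc_root/sys/net/bridge/bridge-nf-call-iptables"
    modules_file="$proc_root/modules"

    if [ -r "$sysctl_file" ]; then
        # 1 means bridged IPv4 traffic is passed to the iptables chains.
        if [ "$(cat "$sysctl_file")" = "1" ]; then
            echo ok
        else
            echo disabled
        fi
        return 0
    fi

    # Sysctl is absent: check whether br_netfilter is listed as a loaded module.
    if [ -r "$modules_file" ] && grep -q '^br_netfilter ' "$modules_file"; then
        echo missing-module-loaded
    else
        echo missing-module-absent
    fi
}

# Maps a status string to the action an operator would take on the node.
bridge_nf_advice() {
    case "$1" in
        ok) echo "nothing to do" ;;
        disabled) echo "sysctl -w net.bridge.bridge-nf-call-iptables=1" ;;
        missing-module-absent) echo "modprobe br_netfilter" ;;
        missing-module-loaded) echo "investigate: module listed but sysctl not exported" ;;
        *) echo "unknown status: $1"; return 1 ;;
    esac
}

# Report for the local node.
bridge_nf_advice "$(bridge_nf_status)"
```

Running this on each node before the CNI pod starts shows whether a crash like the one reported here comes from a missing module or from a disabled setting.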
