Calico node error - iptables-legacy-save command failed #8831
Comments
Please share your thoughts on this. We are currently blocked from upgrading to EKS 1.29 due to this issue.
What Linux distro/version do you use? Does it have (proper) support for iptables?
We create the cluster on an AMI, which is the amazon-linux-2-arm64 AMI.
The actual AMIs which are in question here are the Optimized EKS ones (such as All versions of these AMIs (even the x86/AMD64 ones) have the same version of iptables (v1.8.4):
So I don't think this would be related to the version of iptables. The same commands work on much older 1.26 ARM instances (which work with earlier versions of Calico).
@jonathan-hurley the function in question ( Would it be possible to upgrade iptables to v1.8.8 in your instances? Alternatively, calico pre-v3.27.2 should be using iptables v1.8.4, could you try that and see if the issue is resolved? (not ideal, but this would at least help diagnose this)
Amazon EKS optimized images have always used 1.8.4; we do not have the option to change this. We must use the latest versions of Calico in order to resolve CVEs.
Expected Behavior
Current Behavior
A panic, in which I observed that it's failing to save iptables rules, causing pods to crash.
calico-node pod log -
Checked cni.log. Could see only the below errors:
While exec'ing into the pod, the iptables cmd is not executing.
Possible Solution
Steps to Reproduce (for bugs)
Context
Your Environment