Pod creation fails due to: chain 'KUBE-MARK-MASQ' does not exist #30666
Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
What happened?
with kubernetes v1.28.2
created with kubeadm init --skip-phases=addon/kube-proxy
cillium will install just fine
ℹ️ Using Cilium version 1.15.0
🔮 Auto-detected cluster name: kubernetes
🔮 Auto-detected kube-proxy has not been installed
ℹ️ Cilium will fully replace all functionalities of kube-proxy
however, during cilium connectivity test
it still tries to use the chains created by kubeproxy, which of course now dont exist.
Warning FailedCreatePodSandBox 8s (x4 over 48s) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to add hostport mapping for sandbox k8s_echo-same-node-c74f867d5-9777z_cilium-test_8a6abf6c-dadb-4107-b1da-01fbcf921038_0(6609ff9b9559da5bc5b42be1ebcc4aba4d037ac8816076b019017eb7f344a69c): failed to execute iptables-restore: exit status 2 (iptables-restore v1.8.9 (nf_tables): Chain 'KUBE-MARK-MASQ' does not exist
Cilium Version
cilium-cli: v0.15.22 compiled with go1.21.6 on linux/amd64
cilium image (default): v1.15.0
cilium image (stable): v1.14.6
cilium image (running): 1.15.0
Kernel Version
6.1.0-17-amd64
Kubernetes Version
v1.28.2
Sysdump
cilium-sysdump-20240207-174656.zip
Relevant log output
No response
Anything else?
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
Metadata
Assignees
Labels
This is a bug in the Cilium logic.This was reported by a user in the Cilium community, eg via Slack.This functionality worked fine before, but was broken in a newer release of Cilium.This issue requires triaging to establish severity and next steps.Impacts bpf/ or low-level forwarding details, including map management and monitor messages.Impacts the kubernetes API, or kubernetes -> cilium internals translation layers.
Activity