Minikube VM is missing a Netfilter xt_socket module required for Transparent Proxying (TPROXY)
#3713
Labels
area/guest-vm
General configuration issues with the minikube guest VM
kind/feature
Categorizes issue or PR as related to a new feature.
priority/important-soon
Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
Comments
|
I've prepared a PR to fix it - #3712 |
|
I think providing support for Istio is on the wish list, so if the kernel config change fixes that... https://istio.io/docs/setup/kubernetes/ For some reason this setting was removed with the kernel upgrade, but doesn't say why ? |
afbjorklund
added
the
area/guest-vm
tstromberg
added
the
kind/feature
|
We will add this to the next ISO build/release. Hopefully it doesn't break anything else. |
|
Thank you! |
tstromberg
added
the
priority/important-soon
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Transparent Proxying (TPROXY) is a feature of Linux Kernel that is used by Service Meshes, such as Istio or Kong, to "intercept" traffic in a side car process.
According to Kernel documentation, Transparent Proxying requires 2
Netfiltermodules to be present:NETFILTER_XT_TARGET_TPROXYNETFILTER_XT_MATCH_SOCKETAt the moment,
Minikube VMcomes only withNETFILTER_XT_TARGET_TPROXYmodule and is missingNETFILTER_XT_MATCH_SOCKET.How to reproduce
minikube sshsudo iptables -t mangle -N TPROXY_ISSUEsudo iptables -t mangle -A TPROXY_ISSUE -p tcp -m socket -j RETURNThe last command will fail with an error message
iptables: No chain/target/match by that name.Reproducible on
v0.33.1
The text was updated successfully, but these errors were encountered: