Kubernetes: Difference between revisions
imported>Lb5tr m Add a note about default firewall rules interfering with network communication within the cluster. |
imported>Lb5tr No edit summary |
||
| Line 12: | Line 12: | ||
* this is probably not best-practice | * this is probably not best-practice | ||
** for a production-grade cluster you shouldn't use <code>easyCerts</code> | ** for a production-grade cluster you shouldn't use <code>easyCerts</code> | ||
* If you experience inability to reach service CIDR from pods, disable firewall via <code>networking.firewall.enable = false;</code> or otherwise make sure that it doesn't interfere with packet forwarding. | |||
* Make sure to set <code>docker0</code> in promiscuous mode <code>ip link set docker0 promisc on</code> | |||
=== Master === | === Master === | ||