iptables – Disable Source NAT for Calico

The default settings that kubeadm + Calico use apply NAT to all inbound connections that do not come from a pod_ip.

I've published the service network on my external LAN and I want the service pods to use the actual client IPs and not translated IPs.

In particular, it adds

-A KUBE-SERVICES ! -s 172.16.0.0/16 -d 172.20.160.251/32 -p tcp -m comment --comment "telemetry/pipeline-cdn:http cluster IP" -m tcp --dport 5000 -j KUBE-MARK-MASQ

to iptables.

Although this is not an immediate problem, it does pose a risk of temporary port exhaustion and general difficulties in tracking connections and logging clients accessing my web services.
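The rule quoted above jumps to KUBE-MARK-MASQ only when the source address is outside 172.16.0.0/16. The following is an added example, not part of the original post: it parses that rule line and checks which client sources match it, which is useful when auditing why service logs show translated addresses. The client addresses 172.16.4.17 and 192.168.1.50 are constructed sample values.

```python
import ipaddress
import shlex

# Rule quoted in the post, in iptables-save syntax.
RULE = ('-A KUBE-SERVICES ! -s 172.16.0.0/16 -d 172.20.160.251/32 -p tcp '
        '-m comment --comment "telemetry/pipeline-cdn:http cluster IP" '
        '-m tcp --dport 5000 -j KUBE-MARK-MASQ')

FIELDS = {"-A": "chain", "-s": "src", "-d": "dst", "-p": "proto",
          "--dport": "dport", "--comment": "comment", "-j": "target"}

def parse_rule(line):
    """Extract the match fields needed for the audit from one rule line."""
    tok = shlex.split(line)  # keeps the quoted --comment text as one token
    rule = dict.fromkeys(FIELDS.values())
    rule["src_negated"] = False
    negate, i = False, 0
    while i < len(tok):
        if tok[i] == "!":
            negate = True  # applies to the next option
        elif tok[i] in FIELDS and i + 1 < len(tok):
            key = FIELDS[tok[i]]
            rule[key] = tok[i + 1]
            if key == "src":  # only source negation is tracked here
                rule["src_negated"] = negate
            negate = False
            i += 1
        i += 1
    return rule

def marked_for_masquerade(rule, src_ip, dst_ip, dport, proto="tcp"):
    """True if a packet with these headers matches the rule's conditions."""
    if rule["target"] != "KUBE-MARK-MASQ":
        return False
    if rule["proto"] and rule["proto"] != proto:
        return False
    if rule["dport"] and int(rule["dport"]) != dport:
        return False
    if rule["dst"] and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule["dst"]):
        return False
    if rule["src"]:
        in_src = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["src"])
        if in_src == rule["src_negated"]:  # "! -s" matches only sources outside the range
            return False
    return True

if __name__ == "__main__":
    parsed = parse_rule(RULE)
    for client in ("172.16.4.17", "192.168.1.50"):  # constructed: pod IP, LAN client
        hit = marked_for_masquerade(parsed, client, "172.20.160.251", 5000)
        print(f"{client} -> {parsed['comment']}: masquerade mark = {hit}")
```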

Amazon Web Services – Kube dashboard and Calico network in pending state

I followed the following blog to create a Kubernetes cluster (on AWS EC2).

https://www.edureka.co/blog/install-kubernetes-on-ubuntu

I have finished executing the commands up to the master configuration. However, the Dashboard and Calico network are stuck in Pending status. I Googled and found many resources that are not useful in my case; for example, some problems were due to the scheduler being unavailable. Here I have it. And I am very sure that I have done all these steps one after the other. Here is the result:

kubectl get pods -o wide --all-namespaces
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE   IP              NODE      NOMINATED NODE   READINESS GATES
kube-system   calico-kube-controller-694687c474-r55p7   0/1     Pending   0          18m
kube-system   coredns-86c58d9df4-25fxt                  0/1     Pending   0          33m
kube-system   coredns-86c58d9df4-w6mfx                  0/1     Pending   0          33m
kube-system   etcd-kmaster                              1/1     Running   0          37m   172.31.40.185   kmaster
kube-system   kube-apiserver-kmaster                    1/1     Running   0          37m   172.31.40.185   kmaster
kube-system   kube-controller-manager-kmaster           1/1     Running   0          37m   172.31.40.185   kmaster
kube-system   kube-proxy-l4wr6                          1/1     Running   0          38m   172.31.40.185   kmaster
kube-system   kube-scheduler-kmaster                    1/1     Running   0          37m   172.31.40.185   kmaster
kube-system   kubernetes-dashboard-57df4db6b-s7pzt      0/1     Pending              16m

As you can see, Calico and the Kube Dashboard have been in Pending status for more than 15 minutes. Any other solutions / ideas would be really appreciated.