This is a very familiar song and dance at this point.
Easily reproducible, if you create something like a daemonset or replication controller and delete and recreate it, the k8s-controller, weave, and iptables trifecta gets out of sync. Service endpoints go missing or don't route and things start misbehaving.
This hinges on an undocumented networking settings (/proc/sys/net/bridge/bridge-nf-call-iptables) that the Weave minor release (1.7.1) now configures on behalf of the user where as it didn't before.
https://github.com/weaveworks/weave-kube/issues/21 https://github.com/weaveworks/weave-kube/pull/22 -- "Fixed a bug in weave-kube where Kubernetes services were inaccessible on CentOS 7"
This is a very familiar song and dance at this point.
Easily reproducible, if you create something like a daemonset or replication controller and delete and recreate it, the k8s-controller, weave, and iptables trifecta gets out of sync. Service endpoints go missing or don't route and things start misbehaving.
This hinges on an undocumented networking settings (
/proc/sys/net/bridge/bridge-nf-call-iptables) that the Weave minor release (1.7.1) now configures on behalf of the user where as it didn't before.This is a classic bug.