jhunt / k8s-boshrelease

A BOSH Release for deploying Kubernetes clusters
MIT License

MASQUERADing --random-fully in iptables #23

Open jhunt opened 4 years ago

jhunt commented 4 years ago

This is an interesting read: https://tech.xing.com/a-reason-for-unexplained-connection-timeouts-on-kubernetes-docker-abd041cf7e02

I found this while looking into why my kubelet logs are full of this:

I1111 18:53:57.189370    1925 kubelet_network_linux.go:111] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
I1111 18:54:57.230925    1925 kubelet_network_linux.go:111] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
I1111 18:55:57.269746    1925 kubelet_network_linux.go:111] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
I1111 18:56:57.315703    1925 kubelet_network_linux.go:111] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it

Apparently, --random-fully is patched into iptables, and it isn't in our version. The patch (https://git.netfilter.org/iptables/commit/?id=8b0da2130b8af3890ef20afb2305f11224bb39ec) seems simple enough; it's just passing through stuff to the kernel via flags that are now set in response to the new --random-fully CLI option.

Look into applying this patch to the packaged version of iptables and see if the error goes away (and, incidentally, if performance gets any better on the cluster).
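As an added shell example (not code from k8s-boshrelease), a check for what kubelet is complaining about: it parses `iptables --version` against the version that first shipped `--random-fully`, and optionally probes a throwaway nat chain on the live host. The 1.6.2 threshold is an assumption (it is the release containing the linked netfilter commit and the minimum kubelet checks for); the chain name is made up.

```shell
#!/bin/sh
# Added example, not part of k8s-boshrelease: tell whether the packaged
# iptables can emit MASQUERADE --random-fully, i.e. whether kubelet would
# still log "Not using --random-fully" after repackaging.

# Assumed threshold: --random-fully shipped in iptables 1.6.2 (assumption,
# verify against the build you package).
RANDOM_FULLY_MIN_VERSION="1.6.2"

# version_ge A B: succeed when dotted version A >= B. Pure POSIX sh, no
# `sort -V`, so it also works on minimal stemcell images.
version_ge() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    [ -z "$ai" ] && ai=0
    [ -z "$bi" ] && bi=0
    [ "$ai" -gt "$bi" ] && return 0
    [ "$ai" -lt "$bi" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 0
}

# Extract "X.Y.Z" from `iptables --version` output, e.g.
# "iptables v1.4.21" or "iptables v1.8.7 (nf_tables)".
iptables_version_from() {
  printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# Version-based verdict (the same kind of check kubelet performs).
supports_random_fully_version() {
  v=$(iptables_version_from "$1")
  [ -n "$v" ] && version_ge "$v" "$RANDOM_FULLY_MIN_VERSION"
}

# Live probe (needs root and iptables on PATH): add and remove a
# MASQUERADE --random-fully rule in an unreferenced scratch chain.
# Returns 0 if accepted, 1 if rejected, 2 if the chain cannot be made.
probe_random_fully_live() {
  chain=RANDOM-FULLY-PROBE   # hypothetical name
  iptables -t nat -N "$chain" 2>/dev/null || return 2
  rc=1
  iptables -t nat -A "$chain" -j MASQUERADE --random-fully 2>/dev/null && rc=0
  iptables -t nat -F "$chain" 2>/dev/null
  iptables -t nat -X "$chain" 2>/dev/null
  return $rc
}
```

Source the file on a node and run `supports_random_fully_version "$(iptables --version)"` before and after swapping the packaged binary; `probe_random_fully_live` confirms the kernel side actually accepts the flag.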