Amazon EKS requires legacy iptables
Issue
- Amazon EKS requires legacy iptables which is not available on RHEL 8 anymore
- Using AWS Elastic Kubernetes Service (EKS) with amazon-vpc-cni-k8s which requires the iptables kernel module
- iptables are not working as expected with AWS EKS vpc-cni
- We cannot add the ip_tables, iptable_nat, iptable_mangle modules as required by AWS EKS vpc-cni
- amazon-vpc-cni-k8s GitHub Issue #1847 - IPAMD fails to start
- amazon-vpc-cni-k8s GitHub Issue #2373 - AWS CNI failed to add chain rule for each CIDR in VPC with nf_tables mode
Environment
- Red Hat Enterprise Linux 8 and later
- Amazon Elastic Kubernetes Service (EKS) amazon-vpc-cni-k8s network plugin
- Legacy iptables firewall