-
Bug
-
Resolution: Done
-
Major
-
maistra-0.6.0
-
None
-
RC1
I have been testing Knative 0.5 that is using Maistra 0.6 and the istio-init container fails to start when Istio is trying to create the sidecar. This happens for knative activator and autoscaler which fail to start then.
The istio-init container logs show this:
Environment: ------------ ENVOY_PORT= ISTIO_INBOUND_INTERCEPTION_MODE= ISTIO_INBOUND_TPROXY_MARK= ISTIO_INBOUND_TPROXY_ROUTE_TABLE= ISTIO_INBOUND_PORTS= ISTIO_LOCAL_EXCLUDE_PORTS= ISTIO_SERVICE_CIDR= ISTIO_SERVICE_EXCLUDE_CIDR= Variables: ---------- PROXY_PORT=15001 INBOUND_CAPTURE_PORT=15001 PROXY_UID=1337 INBOUND_INTERCEPTION_MODE=REDIRECT INBOUND_TPROXY_MARK=1337 INBOUND_TPROXY_ROUTE_TABLE=133 INBOUND_PORTS_INCLUDE=8012,8013,9090 INBOUND_PORTS_EXCLUDE= OUTBOUND_IP_RANGES_INCLUDE=* OUTBOUND_IP_RANGES_EXCLUDE= + iptables -t nat -N ISTIO_REDIRECT iptables v1.6.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. + dump + iptables-save
The iptables kernel module is missing in the latest OpenShift 4.1 installation. Here are the relevant changes that already appeared in OpenShift CI so our tests on 4.1 started to fail:
https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/207
https://github.com/openshift/origin/pull/22376
Knative test run that shows this problem: https://openshift-gce-devel.appspot.com/build/origin-ci-test/pr-logs/pull/openshift_release/3678/rehearse-3678-pull-ci-openshift-knative-serving-release-next-e2e/4
Related discussion on #forum-sdn slack: https://coreos.slack.com/archives/CDCP2LA9L/p1556895088320300