This appears to be a bug with Ubuntu, not Kubernetes. Kube-proxy is
reponsible for managing these rules.
The rules inside the container appear fine even though they show an
error on the host.
On the host:
```
root@docker1:~# iptables-save | grep AAAREDACTED1
:KUBE-SEP-AAAREDACTED1 - [0:0]
-A KU
This does not happen with the standard Linux kernel:
```
root@docker1:~# uname -a
Linux cntest13 4.15.0-118-generic #119-Ubuntu SMP Tue Sep 8 12:30:01 UTC 2020
x86_64 x86_64 x86_64 GNU/Linux
root@docker1:~# iptables-save |grep unsupported
root@docker1:~#
```
As a workaround, we have deinstalled
One real question here:
Why does iptables behave differently when the HWE kernel v5 is installed
instead of the standard Kernel v4. Is it possible to use a configuration
option to prevent the `[unsupported revision]` errors?
--
You received this bug notification because you are a member of Ubunt
I know it's been a long time, but can you still get to the version of
iptables that's running inside the k8s pod that is inserting these
rules? I assume it was kube-router?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.l
I reproduced it in bionic with hwe kernel, and a privileged docker
container with iptables 1.8.3, with host networking. Didn't try other
versions yet.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1899
It looks like the version was iptables v1.8.3 according to my comment at
[1]
```
root@kube-proxy:/# iptables-save --version
iptables-save v1.8.3 (legacy)
root@kube-proxy:/#
```
[1]
https://github.com/kubernetes/kubernetes/issues/95409#issuecomment-706472275
** Bug watch added: github.com/kubern
