To work around this, I used `update-alternatives` to change iptables and ip6tables from iptables-nft to iptables-legacy. At least things function now. (I'm using docker.io and putting RKE's Kubernetes on top of it).
It appears that workaround allows the networking to properly work, and also implies that Docker is manipulating the tables using some other method than /usr/sbin/iptables (confirmed in the moby ticket below). I tried starting dockerd with iptables=false, but Kubernetes really needs thorough networking to function. Related tickets: https://github.com/moby/moby/issues/26824 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921600 https://github.com/kubernetes/kubernetes/issues/71305#issuecomment-457573867 https://github.com/kubernetes/kubernetes/pull/82966 ** Bug watch added: github.com/moby/moby/issues #26824 https://github.com/moby/moby/issues/26824 ** Bug watch added: Debian Bug tracker #921600 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921600 ** Bug watch added: github.com/kubernetes/kubernetes/issues #71305 https://github.com/kubernetes/kubernetes/issues/71305 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1903420 Title: Qemu clients lose Internet access on upgrade to Groovy Gorilla To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker/+bug/1903420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs