After setting up my Kubernetes master and adding a couple of nodes to it, I ran into an issue where the pods on one node could not communicate with pods on another node. I had assumed installing Flannel would handle this, but apparently it did not enable packet forwarding in the kernel or add the appropriate iptables rules. This caused Kube-lego to not work correctly when running on a node and not the master.

It wasn’t super obvious at first, but after a quick poke around I ran into someone who had the same issue here and provided the fix (which is obviously to enable forwarding).

To save you time, here are the steps you need to take:

1. Make sure IP forwarding is enabled in the Linux kernel on every node. Run this command:
$ sudo sysctl -w net.ipv4.conf.all.forwarding=1

2. Ensure the following is set in your /etc/sysctl.conf file, so the setting survives a reboot:
net.ipv4.conf.all.forwarding = 1

3. Set the default policy of the FORWARD chain to ACCEPT:
$ sudo iptables -P FORWARD ACCEPT
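
To confirm that all three steps took effect on a node, the script below compares the runtime sysctl value, the value saved in /etc/sysctl.conf and the FORWARD chain's default policy. It is an added example, not part of the original fix; the function names and the `--audit` switch are hypothetical, and reading the iptables policy requires root.

```shell
#!/bin/sh
# Added example: audits the forwarding settings from the steps above.
KEY='net.ipv4.conf.all.forwarding'

# Print the last value assigned to $KEY in sysctl.conf-style text on stdin
# (comment lines are ignored); prints "unset" if the key never appears.
persisted_forwarding() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]+/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }'
}

# Print the FORWARD chain's default policy from `iptables -S FORWARD`
# output on stdin (the policy line looks like "-P FORWARD ACCEPT").
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { p = $3 }
         END { print (p == "" ? "unknown" : p) }'
}

# Check runtime state, persisted config and firewall policy on this node.
# $1 is the config file to read (defaults to /etc/sysctl.conf).
audit_node() {
    rc=0
    live=$(sysctl -n "$KEY" 2>/dev/null || echo unknown)
    saved=$(cat "${1:-/etc/sysctl.conf}" 2>/dev/null | persisted_forwarding)
    policy=$(iptables -S FORWARD 2>/dev/null | forward_policy)
    [ "$live" = 1 ]        || { echo "FAIL runtime $KEY=$live"; rc=1; }
    [ "$saved" = 1 ]       || { echo "FAIL persisted $KEY=$saved"; rc=1; }
    [ "$policy" = ACCEPT ] || { echo "FAIL FORWARD policy=$policy"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK forwarding on (runtime, persisted), FORWARD ACCEPT"
    return "$rc"
}

# Run the audit only when asked, e.g.: sudo sh check-forwarding.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_node "${2:-/etc/sysctl.conf}"
fi
```

A "persisted" failure with a passing runtime check means step 2 was skipped and the node will lose forwarding on its next reboot. The ACCEPT policy from step 3 applies to every packet the node forwards, not only pod traffic.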