Hi, I am seeing some aux/iptables errors when check the K3s config

k3s check-config

what does these errors exactly mean should is solve this and if so how? I am running k3s on Debian 11 bullseye with 3 masters (etcd).

root:# k3s check-config

Verifying binaries in /var/lib/rancher/k3s/data/2ef87ff954adbb390309ce4dc07500f29c319f84feec1719bfb5059c8808ec6a/bin:
- sha256sum: good
- links: aux/ip6tables should link to iptables-detect.sh (fail)
- links: aux/ip6tables-restore should link to iptables-detect.sh (fail)
- links: aux/ip6tables-save should link to iptables-detect.sh (fail)
- links: aux/iptables should link to iptables-detect.sh (fail)
- links: aux/iptables-restore should link to iptables-detect.sh (fail)
- links: aux/iptables-save should link to iptables-detect.sh (fail)
....
STATUS: 6 (fail)

See https://docs.k3s.io/advanced#additional-preparation-for-debian-buster-based-distributions

Thanks, but in the docs I read its for "Debian Buster" I am running Debian Bullseye

What version of the iptables do you have though? It applies to every OS that is running version 1.8.0-1.8.4

I did a clean installation of Debian 11 and looks like there is no iptables packages installed at all.

which iptables

gives me no result. Is Iptables required for K3s?

Then you are fine, K3s bundles its own version of iptables, its just using that

Ok thanks! so then I just ignore these 6 FAIL messages

Yeah you can ignore those 6 FAILS. If you want to see all the iptables rules that k3s makes, you can always use

sudo /var/lib/rancher/k3s/data/current/bin/aux/iptables -L

. This would be a good thing to improve IMO about the k3s check-config. I think a warning about "k3s is using embedded iptables" would be better than 6 FAILS.