atomlab/talos_nft_list_ruleset_issue_fix.md

Last active February 20, 2025 19:59

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/atomlab/59000e4bf245e367b9d7af156d357c75.js"></script>
Save atomlab/59000e4bf245e367b9d7af156d357c75 to your computer and use it in GitHub Desktop.

Download ZIP

Talos. nft list ruleset. netlink: Error: cache initialization failed: Operation not permitted

Raw

talos_nft_list_ruleset_issue_fix.md

Encountered an error in Talos when running nft list ruleset

% kubectl debug -n kube-system -it --image alpine node/$NODE
/ # apk add nftables
/ # nft list ruleset
netlink: Error: cache initialization failed: Operation not permitted

The issue was related to security capabilities and was resolved by using --profile=sysadmin:

% kubectl debug -n kube-system --profile=sysadmin -it --image alpine node/$NODE
/ # apk add nftables
/ # nft list ruleset
table ip mangle {
        chain KUBE-IPTABLES-HINT {
        }
}
table inet talos {
...
}