Telepresence's new version v2.6.x doesn't work in colima

[ventsislav-georgiev]

This project https://github.com/telepresenceio/telepresence allows for a pod/deployment in the cluster to forward all traffic to instance running on localhost. It seems to do it using sidecar container with iptables config.

Since updating telepresence to v2.6.x it stopped working and its container gives the following error on startup:

info    Traffic Agent Init v2.6.2
error   failed to clear chain TEL_INBOUND_TCP: running [/sbin/iptables -t nat -N TEL_INBOUND_TCP --wait]: exit status 3: iptables v1.8.7 (legacy): can't initialize iptables table `nat': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
error   quit: failed to clear chain TEL_INBOUND_TCP: running [/sbin/iptables -t nat -N TEL_INBOUND_TCP --wait]: exit status 3: iptables v1.8.7 (legacy): can't initialize iptables table `nat': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.

I've tried one solution found from searching for the error. Running colima ssh and then:

sudo modprobe ip_tables
sudo echo 'ip_tables' >> /etc/modules

But it didn't help.

Any clue what is causing this and how to fix it?

[abiosoft]

@ventsislav-georgiev can you upgrade to latest development version brew install --HEAD colima and see if changes anything?

PS: you can always experiment with a separate profile e.g. colima start test

[ventsislav-georgiev]

Got the same error when using brew install --HEAD colima.

[ventsislav-georgiev]

After more testing it seems to be an issue with telepresence v2.6 version: https://github.com/telepresenceio/telepresence/issues/2596

[thallgren]

Telepresence 2.6.x versions will use iptables in places where older versions didn't. That's why this problem surfaces in 2.6.x.

Telepresence 2.6.x runs fine with colima on my powerbook (amd64), but the exact same setup fails on my M1.

[thallgren]

Any reason why iptables doesn't work in Colima when using the arm architecture?

[ventsislav-georgiev]

@abiosoft starting colima has the following error msg:

msg="[hostagent] failed to parse macOS version \"12.4\": 12.4 is not in dotted-tri format"

although its probably not related to the iptables issue

[abiosoft]

@ventsislav-georgiev it's a Lima issue that has been fixed https://github.com/lima-vm/lima/pull/869 https://github.com/lima-vm/lima/issues/868.

I am not sure if the fix has been released yet, but you can brew install --head lima for the meantime.

[ventsislav-georgiev]

@abiosoft who can help with this issue regarding the iptables on M1, should we create issue for lima-vm?

[abiosoft]

@ventsislav-georgiev I am not sure it's a Lima issue, I am suspecting Alpine. I would have to do some tests to pinpoint the issue but it would take a day or two before I have time for proper troubleshooting.

[ventsislav-georgiev]

@abiosoft any progress or anything I can do to help?

[abiosoft]

Trying to get my hands on an M1 device, this should happen this week. Emulating aarch64 is too slow on my Intel Mac to do anything meaningful with kubernetes.

[rfay]

There are a couple fairly easy ways to do this. MacStadium offers an open-source machine, https://www.macstadium.com/opensource - they've been providing one to DDEV that is used for tests. Also Scaleway has M1 machines that you only have to rent for 24 hours, fair price. https://www.scaleway.com/en/

[ventsislav-georgiev]

FYI same issue in different projects: https://github.com/wojas/docker-mac-network/issues/16 https://github.com/nginxinc/nginx-service-mesh/issues/35

[abiosoft]

@rfay thanks for the suggestions, I successfully got a free open source machine from macStadium. @ventsislav-georgiev I am still troubleshooting this.