Hi!
(Hmmmm: this seems somewhat related to this topic.)
I just wanted to spin up a quick Rancher server through Docker; however, the container ignores my current net.netfilter.nf_conntrack_max setting, which is currently set to 524288 (net.netfilter.nf_conntrack_max = 524288). The “closing” log lines look like:
I0830 07:20:54.939399 31 node.go:136] Successfully retrieved node IP: 172.17.0.2
I0830 07:20:54.939433 31 server_others.go:143] kube-proxy node IP is an IPv4 address (172.17.0.2), assume IPv4 operation
I0830 07:20:54.940737 31 server_others.go:186] Using iptables Proxier.
I0830 07:20:54.941232 31 server.go:650] Version: v1.19.8+k3s1
I0830 07:20:54.941806 31 conntrack.go:103] Set sysctl 'net/netfilter/nf_conntrack_max' to 131072
F0830 07:20:54.941829 31 server.go:495] open /proc/sys/net/netfilter/nf_conntrack_max: permission denied
2021/08/30 07:20:54 [FATAL] k3s exited with: exit status 1
The startup command is the “plain vanilla”:
sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher
OS: Ubuntu 20.04 Desktop (Linux 5.11.0-27-generic #29~20.04.1-Ubuntu SMP)
What am I missing here?