Add ufw to known issues

t0xicCode · t0xicCode · commit 65230c56dc42 · 2020-10-04T11:53:40.000-04:00
Addresses k3s-io/k3s#2059 by adding information on the modifications needed to run k3s with ufw enabled Signed-off-by: t0xicCode <xavier.l@magnax.ca>
diff --git a/content/k3s/latest/en/known-issues/_index.md b/content/k3s/latest/en/known-issues/_index.md
@@ -15,3 +15,12 @@ If you are running iptables in nftables mode instead of legacy you might encount
 **RootlessKit**
 
 Running K3s with RootlessKit is experimental and has several [known issues.]({{<baseurl>}}/k3s/latest/en/advanced/#known-issues-with-rootlesskit)
+
+**Ufw**
+
+UFW firewall rules are evaluated prior to the kube-proxy rules, so traffic to cluster services can be blocked. Traffic from the service and pod networks should be allowed in ufw to ensure that the kube-proxy rules are evaluated. Given the default values, the following will allow traffic from those network through the ufw portion, before reaching the kube-proxy rules.
+
+```
+sudo ufw allow from 10.42.0.0/16 to any
+sudo ufw allow from 10.43.0.0/16 to any
+```
