This appears to be a bug with Ubuntu, not Kubernetes. Kube-proxy is reponsible for managing these rules.
The rules inside the container appear fine even though they show an error on the host.
On the host:
``` root@docker1:~# iptables-save | grep AAAREDACTED1 :KUBE-SEP-AAAREDACTED1 - [0:0] -A KUBE-SEP-AAAREDACTED1 -s 10.99.99.190/32 -j KUBE-MARK-MASQ -A KUBE-SEP-AAAREDACTED1 -p tcp -m tcp -j DNAT [unsupported revision] -A KUBE-SVC-123REDACTEDABC -j KUBE-SEP-AAAREDACTED1 root@docker1:/# ```
Inside the container:
``` root@docker1:~# docker exec -it kube-proxy bash root@docker1:/# iptables-save | grep AAAREDACTED1 :KUBE-SEP-AAAREDACTED1 - [0:0] -A KUBE-SEP-AAAREDACTED1 -s 10.99.99.190/32 -j KUBE-MARK-MASQ -A KUBE-SEP-AAAREDACTED1 -p tcp -m tcp -j DNAT --to-destination 10.99.99.190:24231 -A KUBE-SVC-123REDACTEDABC -j KUBE-SEP-AAAREDACTED1 root@docker1:/# ```
This appears to be a bug with Ubuntu, not Kubernetes. Kube-proxy is reponsible for managing these rules.
The rules inside the container appear fine even though they show an error on the host.
On the host:
``` AAAREDACTED1 - [0:0] AAAREDACTED1 -s 10.99.99.190/32 -j KUBE-MARK-MASQ AAAREDACTED1 -p tcp -m tcp -j DNAT [unsupported revision] 123REDACTEDABC -j KUBE-SEP- AAAREDACTED1
root@docker1:~# iptables-save | grep AAAREDACTED1
:KUBE-SEP-
-A KUBE-SEP-
-A KUBE-SEP-
-A KUBE-SVC-
root@docker1:/#
```
Inside the container:
``` AAAREDACTED1 - [0:0] AAAREDACTED1 -s 10.99.99.190/32 -j KUBE-MARK-MASQ AAAREDACTED1 -p tcp -m tcp -j DNAT --to-destination 10.99.99.190:24231 123REDACTEDABC -j KUBE-SEP- AAAREDACTED1
root@docker1:~# docker exec -it kube-proxy bash
root@docker1:/# iptables-save | grep AAAREDACTED1
:KUBE-SEP-
-A KUBE-SEP-
-A KUBE-SEP-
-A KUBE-SVC-
root@docker1:/#
```