Prerequisites for k3s on RHEL/CentOS/Oracle Linux

Also see Runbooks

firewalld/fapolicyd

It is recommended to disable firewalld and fapolicyd:

systemctl disable firewalld --now
systemctl disable fapolicyd.service

nm-cloud-setup

If enabled, it is required to disable nm-cloud-setup and reboot the node:

systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
reboot

Make sure noexec is not used for the dedicated rancher partition

If you are using a dedicated partition (/var/lib/rancher) to run K3s, make sure it is NOT mounted with the noexec flag in the /etc/fstab file.

Check FIPS mode

If FIPS mode is enabled, it must be disabled; otherwise some of our workloads running in K3s will crash at startup. To check whether FIPS is enabled, run:

sysctl crypto.fips_enabled

A value of 1 means FIPS mode is enabled. To disable it, follow the steps in this article: How to disable FIPS in RHEL/CentOS

iptables

RHEL-like systems ship a buggy version of iptables (1.8.4) that causes issues with the firewall, service routing and external network reachability, as well as performance issues. k3s must be configured to use its bundled version: modify the k3s service file (the same applies to the k3s-agent service on worker nodes in HA deployments), add the --prefer-bundled-bin option to the service's command line, and restart the service.

If this change is made on an existing system, a reboot is recommended to clear duplicate iptables rules.

More details can be found here - Known Issues | K3s
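
The checks on this page can be collected into one read-only preflight script. This is an added example, not part of the original runbook; the function names are hypothetical, and the default unit path /etc/systemd/system/k3s.service is an assumption (pass the k3s-agent unit file on worker nodes).

```shell
#!/bin/sh
# Added example: read-only preflight for the prerequisites listed on this page.
# Function names and the default unit path are assumptions, not from the page.

# True if the fstab entry for mount point $2 in file $1 carries noexec.
fstab_has_noexec() {
    awk -v mp="$2" '
        /^[ \t]*#/ { next }                      # ignore commented entries
        $2 == mp   { n = split($4, opt, ",")     # field 4 = mount options
                     for (i = 1; i <= n; i++) if (opt[i] == "noexec") hit = 1 }
        END        { exit hit ? 0 : 1 }' "$1"
}

# True if unit file $1 passes --prefer-bundled-bin on a non-comment line.
unit_prefers_bundled_bin() {
    grep -v '^[[:space:]]*#' "$1" | grep -q -e '--prefer-bundled-bin'
}

# True if FIPS mode is on; same value that sysctl crypto.fips_enabled prints.
fips_enabled() {
    [ "$(cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

unit_enabled() { systemctl is-enabled --quiet "$1" 2>/dev/null; }

# usage: preflight [FSTAB] [UNITFILE]  (use the k3s-agent unit on worker nodes)
preflight() {
    fstab=${1:-/etc/fstab} unit=${2:-/etc/systemd/system/k3s.service} rc=0
    for u in firewalld fapolicyd nm-cloud-setup.service nm-cloud-setup.timer; do
        if unit_enabled "$u"; then echo "FAIL: $u is enabled"; rc=1; fi
    done
    if fstab_has_noexec "$fstab" /var/lib/rancher; then
        echo "FAIL: /var/lib/rancher has noexec in $fstab"; rc=1
    fi
    if fips_enabled; then echo "FAIL: FIPS mode is enabled"; rc=1; fi
    if [ -f "$unit" ] && ! unit_prefers_bundled_bin "$unit"; then
        echo "FAIL: $unit lacks --prefer-bundled-bin"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: prerequisites met"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with --run on the node before installing k3s; it changes nothing and exits non-zero if any prerequisite is not met.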

 


Classified as Getvisibility - Partner/Customer Confidential