iptables switch for docker #1059

Merged
merged 2 commits into from
Feb 22, 2017

@holser holser commented Feb 21, 2017

Statically disable iptables management for docker

Docker 1.13 changes the behaviour of iptables defaults from allow
to drop. This patch disables docker's iptables management as it was
in Docker 1.12 [1]

[1] https://github.com/docker/docker/pull/28257

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 21, 2017
@@ -191,11 +191,13 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
# Path used to store Docker data
docker_daemon_graph: "/var/lib/docker"

docker_iptables: false
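
Review bot: `docker_iptables: false` at the end of this hunk is added without a comment, while `docker_daemon_graph` directly above it has one. Add a comment line stating that `false` turns off Docker's own iptables management and that this is deliberate because Docker 1.13 changed the default from allow to drop, so anyone editing this file sees what changing the value does to the host's firewall rules.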
That's not how all.yml file works. We don't stuff every possible option here. We only put the ones users are likely to want to change. Please move it to roles/docker/defaults/main.yml and default to false. It actually breaks deployments when set to true, so I doubt we want to invite users to re-enable it.

@mattymo mattymo left a comment

Move to roles/docker/defaults/main.yml

mattymo commented Feb 21, 2017

ci check this

Sergii Golovatiuk added 2 commits February 21, 2017 19:10
Docker 1.13 changes the behaviour of iptables defaults from allow
to drop. This patch disables docker's iptables management as it was
in Docker 1.12 [1]

[1] moby/moby#28257

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
- Remove variable dup for Ubuntu
- Update Docker to 1.13
@mattymo mattymo merged commit 02137f8 into kubernetes-sigs:master Feb 22, 2017
@retr0h retr0h mentioned this pull request Mar 1, 2017
@holser holser deleted the docker_iptables branch April 5, 2017 11:47