Merge pull request #3977 from justinsb/iptables_forward
Automatic merge from submit-queue.

Ensure iptables forwarding is enabled
Kubernetes Submit Queue authored Dec 1, 2017
2 parents cf70f99 + 7fa4c28 commit 398c4ce
Showing 2 changed files with 8 additions and 14 deletions.
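--- a/nodeup/pkg/model/firewall.go
+++ b/nodeup/pkg/model/firewall.go
@@ -17,12 +17,10 @@ limitations under the License.
 package model
 
 import (
-"k8s.io/kops/nodeup/pkg/distros"
+"github.com/golang/glog"
 "k8s.io/kops/pkg/systemd"
 "k8s.io/kops/upup/pkg/fi"
 "k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
-
-"github.com/golang/glog"
 )
 
 // FirewallBuilder configures the firewall (iptables)
@@ -34,10 +32,9 @@ var _ fi.ModelBuilder = &FirewallBuilder{}
 
 // Build is responsible for generating any node firewall rules
 func (b *FirewallBuilder) Build(c *fi.ModelBuilderContext) error {
-if b.Distribution == distros.DistributionContainerOS {
-c.AddTask(b.buildFirewallScript())
-c.AddTask(b.buildSystemdService())
-}
+// We need forwarding enabled (https://github.com/kubernetes/kubernetes/issues/40182)
+c.AddTask(b.buildFirewallScript())
+c.AddTask(b.buildSystemdService())
 
 return nil
 }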
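Review bot: The new comment in `Build` gives the issue link but not the consequence of dropping the `distros.DistributionContainerOS` guard: the firewall script and its systemd unit are now installed on every distribution. `buildFirewallScript` is outside this hunk, so what it writes to the FORWARD chain cannot be checked here; if it accepts forwarded traffic broadly, that should be stated, since cloud firewalls and network policy would then be the only limit on traffic routed through a node. I would extend the comment, for example `// Installed on all distros: forwarded pod traffic must be accepted even where docker sets FORWARD to DROP (https://github.com/kubernetes/kubernetes/issues/40182).` It is also worth confirming that the unit does not conflict with a host firewall manager on images that ship one.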
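--- a/nodeup/pkg/model/sysctls.go
+++ b/nodeup/pkg/model/sysctls.go
@@ -115,13 +115,10 @@ func (b *SysctlBuilder) Build(c *fi.ModelBuilderContext) error {
 "")
 }
 
-if b.Cluster.Spec.CloudProvider == string(kops.CloudProviderGCE) {
-sysctls = append(sysctls,
-"# GCE settings",
-"",
-"net.ipv4.ip_forward=1",
-"")
-}
+sysctls = append(sysctls,
+"# Prevent docker from changing iptables: https://github.com/kubernetes/kubernetes/issues/40182",
+"net.ipv4.ip_forward=1",
+"")
 
 t := &nodetasks.File{
 Path: "/etc/sysctl.d/99-k8s-general.conf",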
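Review bot: The comment string written into the sysctl file, `# Prevent docker from changing iptables: …`, overstates what `net.ipv4.ip_forward=1` does, and the setting can only have that effect if it is applied before Docker starts. Presumably the intent is that Docker leaves the FORWARD policy alone when forwarding is already enabled, so I would word the line as `"# Enable forwarding up front so docker does not set the FORWARD policy to DROP: https://github.com/kubernetes/kubernetes/issues/40182",`. The rest of `Build`, including how and when `/etc/sysctl.d/99-k8s-general.conf` is loaded, is outside the hunk, so the ordering relative to Docker start should be confirmed. With the GCE condition gone, every node on every cloud provider now forwards IPv4, which is worth a line in the release notes.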
