diff --git a/nodeup/pkg/model/firewall.go b/nodeup/pkg/model/firewall.go
index b5421b596bba9..2041d9ea61e5f 100644
--- a/nodeup/pkg/model/firewall.go
+++ b/nodeup/pkg/model/firewall.go
@@ -17,12 +17,10 @@ limitations under the License.
 package model
 
 import (
- "k8s.io/kops/nodeup/pkg/distros"
+ "github.com/golang/glog"
 "k8s.io/kops/pkg/systemd"
 "k8s.io/kops/upup/pkg/fi"
 "k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
-
- "github.com/golang/glog"
 )
 
 // FirewallBuilder configures the firewall (iptables)
@@ -34,10 +32,9 @@ var _ fi.ModelBuilder = &FirewallBuilder{}
 
 // Build is responsible for generating any node firewall rules
 func (b *FirewallBuilder) Build(c *fi.ModelBuilderContext) error {
- if b.Distribution == distros.DistributionContainerOS {
- c.AddTask(b.buildFirewallScript())
- c.AddTask(b.buildSystemdService())
- }
+ // We need forwarding enabled (https://github.com/kubernetes/kubernetes/issues/40182)
+ c.AddTask(b.buildFirewallScript())
+ c.AddTask(b.buildSystemdService())
 
 return nil
 }
diff --git a/nodeup/pkg/model/sysctls.go b/nodeup/pkg/model/sysctls.go
index bbae575c90263..5e199dda7cc34 100644
--- a/nodeup/pkg/model/sysctls.go
+++ b/nodeup/pkg/model/sysctls.go
@@ -115,13 +115,10 @@ func (b *SysctlBuilder) Build(c *fi.ModelBuilderContext) error {
 "")
 }
 
- if b.Cluster.Spec.CloudProvider == string(kops.CloudProviderGCE) {
- sysctls = append(sysctls,
- "# GCE settings",
- "",
- "net.ipv4.ip_forward=1",
- "")
- }
+ sysctls = append(sysctls,
+ "# Prevent docker from changing iptables: https://github.com/kubernetes/kubernetes/issues/40182",
+ "net.ipv4.ip_forward=1",
+ "")
 
 t := &nodetasks.File{
 Path: "/etc/sysctl.d/99-k8s-general.conf",
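Review bot: In `FirewallBuilder.Build` (firewall.go) the new comment `// We need forwarding enabled (...)` does not say what the firewall script and systemd unit change on the host, and with the `DistributionContainerOS` guard removed they are now installed on every distribution. `buildFirewallScript` is outside this hunk, so I cannot confirm which iptables rules it writes; if it accepts forwarded traffic broadly, that is a host-firewall change on every node that should be limited to pod/bridge traffic, and it may collide with a distro-managed firewall. I would expand the comment to state the reason and the intended rule scope, e.g. `// Install the forwarding rules on every distro: docker can leave the FORWARD chain policy at DROP, which breaks pod traffic (https://github.com/kubernetes/kubernetes/issues/40182)`.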
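Review bot: The generated sysctl comment `# Prevent docker from changing iptables`, placed above `net.ipv4.ip_forward=1` in the `append` call of `SysctlBuilder.Build` (sysctls.go), misdescribes the setting: the line turns on kernel IPv4 forwarding, and it now applies to every node where it was previously GCE-only. As I understand the linked issue, docker switches the FORWARD policy to DROP only when it has to enable forwarding itself, so the comment should say so, e.g. `"# Enable IP forwarding before docker starts so docker leaves the FORWARD chain policy alone: https://github.com/kubernetes/kubernetes/issues/40182",`. Since every node now forwards packets, the FORWARD chain rules are what limits that traffic, and they are not visible here; it is worth confirming they are restrictive on providers other than GCE. The function body starts and ends outside this hunk.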