Merge pull request #3977 from justinsb/iptables_forward

Automatic merge from submit-queue.

Ensure iptables forwarding is enabled
Kubernetes Submit Queue 2017-11-30 18:39:07 -08:00 committed by GitHub
commit 398c4ceebf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 14 deletions


@ -17,12 +17,10 @@ limitations under the License.
package model
import (
"k8s.io/kops/nodeup/pkg/distros"
"github.com/golang/glog"
"k8s.io/kops/pkg/systemd"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
"github.com/golang/glog"
)
// FirewallBuilder configures the firewall (iptables)
@ -34,10 +32,9 @@ var _ fi.ModelBuilder = &FirewallBuilder{}
// Build is responsible for generating any node firewall rules
func (b *FirewallBuilder) Build(c *fi.ModelBuilderContext) error {
if b.Distribution == distros.DistributionContainerOS {
c.AddTask(b.buildFirewallScript())
c.AddTask(b.buildSystemdService())
}
// We need forwarding enabled (https://github.com/kubernetes/kubernetes/issues/40182)
c.AddTask(b.buildFirewallScript())
c.AddTask(b.buildSystemdService())
return nil
}
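Review bot: The comment added above the two `c.AddTask` calls in Build gives only an issue link, so a reader cannot tell that these tasks now run on every distribution rather than only on ContainerOS, or what they do to the node's FORWARD chain. I would spell it out, for example `// Install the forwarding rules on every distro: Docker may leave the FORWARD policy at DROP (https://github.com/kubernetes/kubernetes/issues/40182)`. The bodies of buildFirewallScript and buildSystemdService are outside this hunk; if the script sets a blanket ACCEPT policy on FORWARD, that is worth stating here as well, because operators who relied on a default-deny FORWARD chain on non-ContainerOS nodes lose it with this change.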


@ -115,13 +115,10 @@ func (b *SysctlBuilder) Build(c *fi.ModelBuilderContext) error {
"")
}
if b.Cluster.Spec.CloudProvider == string(kops.CloudProviderGCE) {
sysctls = append(sysctls,
"# GCE settings",
"",
"net.ipv4.ip_forward=1",
"")
}
sysctls = append(sysctls,
"# Prevent docker from changing iptables: https://github.com/kubernetes/kubernetes/issues/40182",
"net.ipv4.ip_forward=1",
"")
t := &nodetasks.File{
Path: "/etc/sysctl.d/99-k8s-general.conf",
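Review bot: The new sysctl comment says forwarding prevents Docker from changing iptables, but nothing visible in this hunk guarantees the setting is live before Docker starts, and the comment does not say that the ordering matters. As far as I understand the linked issue, Docker switches the FORWARD policy to DROP only when it has to enable ip_forward itself, so the file has to be applied before the daemon's first start; a line such as `// Must be applied before docker starts, otherwise docker enables ip_forward itself and sets FORWARD to DROP` next to the append would record that. The block is now unconditional, so every node on every cloud provider forwards IPv4, and what it forwards is then decided only by the iptables rules. Build's body starts and ends outside the hunk.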