ip6tables should be set in the noop plugin
The noop plugin currently sets the iptables for IPv4. This updates that to also set the iptables for IPv6 so IPv6 can have parity with IPv4.
parent
81fa823a6c
commit
0fd30adb3d
@ -157,6 +157,7 @@ func InitNetworkPlugin(plugins []NetworkPlugin, networkPluginName string, host H
|
||||
if networkPluginName == "" {
|
||||
// default to the no_op plugin
|
||||
plug := &NoopNetworkPlugin{}
|
||||
plug.Sysctl = utilsysctl.New()
|
||||
if err := plug.Init(host, hairpinMode, nonMasqueradeCIDR, mtu); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -200,9 +201,11 @@ func UnescapePluginName(in string) string {
|
||||
}
|
||||
|
||||
type NoopNetworkPlugin struct {
|
||||
Sysctl utilsysctl.Interface
|
||||
}
|
||||
|
||||
const sysctlBridgeCallIPTables = "net/bridge/bridge-nf-call-iptables"
|
||||
const sysctlBridgeCallIP6Tables = "net/bridge/bridge-nf-call-ip6tables"
|
||||
|
||||
func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode kubeletconfig.HairpinMode, nonMasqueradeCIDR string, mtu int) error {
|
||||
// Set bridge-nf-call-iptables=1 to maintain compatibility with older
|
||||
@ -214,9 +217,16 @@ func (plugin *NoopNetworkPlugin) Init(host Host, hairpinMode kubeletconfig.Hairp
|
||||
// Ensure the netfilter module is loaded on kernel >= 3.18; previously
|
||||
// it was built-in.
|
||||
utilexec.New().Command("modprobe", "br-netfilter").CombinedOutput()
|
||||
if err := utilsysctl.New().SetSysctl(sysctlBridgeCallIPTables, 1); err != nil {
|
||||
if err := plugin.Sysctl.SetSysctl(sysctlBridgeCallIPTables, 1); err != nil {
|
||||
glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIPTables, err)
|
||||
}
|
||||
if val, err := plugin.Sysctl.GetSysctl(sysctlBridgeCallIP6Tables); err == nil {
|
||||
if val != 1 {
|
||||
if err = plugin.Sysctl.SetSysctl(sysctlBridgeCallIP6Tables, 1); err != nil {
|
||||
glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIP6Tables, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
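Review bot: In `Init`, the new IPv6 branch neither acts nor logs when `plugin.Sysctl.GetSysctl(sysctlBridgeCallIP6Tables)` returns an error. If the key is missing (for example because the `modprobe br-netfilter` call just above failed, its output and error being discarded), bridged IPv6 traffic presumably stays outside ip6tables and the kubelet log shows no trace of it. The IPv4 path warns on failure; the IPv6 path should at least record the skip with an `else` arm such as `glog.V(2).Infof("can't read sysctl %s, leaving it unset: %v", sysctlBridgeCallIP6Tables, err)`. Separately, `Init` now calls through `plugin.Sysctl`, so any caller other than `InitNetworkPlugin` that builds a bare `&NoopNetworkPlugin{}` would hit a nil interface; `if plugin.Sysctl == nil { plugin.Sysctl = utilsysctl.New() }` at the top of `Init` keeps the zero value usable. The beginning of `Init`'s body lies outside the visible hunks.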
@ -35,7 +35,9 @@ go_test(
|
||||
"//pkg/kubelet/apis/kubeletconfig:go_default_library",
|
||||
"//pkg/kubelet/container:go_default_library",
|
||||
"//pkg/kubelet/network:go_default_library",
|
||||
"//pkg/util/sysctl/testing:go_default_library",
|
||||
"//vendor/github.com/golang/mock/gomock:go_default_library",
|
||||
"//vendor/github.com/stretchr/testify/assert:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
||||
],
|
||||
)
|
||||
|
@ -26,8 +26,10 @@ import (
|
||||
"k8s.io/kubernetes/pkg/kubelet/apis/kubeletconfig"
|
||||
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
|
||||
"k8s.io/kubernetes/pkg/kubelet/network"
|
||||
sysctltest "k8s.io/kubernetes/pkg/util/sysctl/testing"
|
||||
|
||||
"github.com/golang/mock/gomock"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestSelectDefaultPlugin(t *testing.T) {
|
||||
@ -44,6 +46,35 @@ func TestSelectDefaultPlugin(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestInit(t *testing.T) {
|
||||
tests := []struct {
|
||||
setting string
|
||||
expectedLen int
|
||||
}{
|
||||
{
|
||||
setting: "net/bridge/bridge-nf-call-iptables",
|
||||
expectedLen: 1,
|
||||
},
|
||||
{
|
||||
setting: "net/bridge/bridge-nf-call-ip6tables",
|
||||
expectedLen: 2,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
sysctl := sysctltest.NewFake()
|
||||
sysctl.Settings[tt.setting] = 0
|
||||
plug := &network.NoopNetworkPlugin{}
|
||||
plug.Sysctl = sysctl
|
||||
plug.Init(NewFakeHost(nil), kubeletconfig.HairpinNone, "10.0.0.0/8", network.UseDefaultMTU)
|
||||
// Verify the sysctl specified is set
|
||||
assert.Equal(t, 1, sysctl.Settings[tt.setting], tt.setting+" sysctl should have been set")
|
||||
// Verify iptables is always set
|
||||
assert.Equal(t, 1, sysctl.Settings["net/bridge/bridge-nf-call-iptables"], "net/bridge/bridge-nf-call-iptables sysctl should have been set")
|
||||
// Verify ip6tables is only set if it existed
|
||||
assert.Len(t, sysctl.Settings, tt.expectedLen, "length wrong for "+tt.setting)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPluginManager(t *testing.T) {
|
||||
ctrl := gomock.NewController(t)
|
||||
fnp := NewMockNetworkPlugin(ctrl)
|
||||
|
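Review bot: `TestInit` discards the return value of `plug.Init(...)` and verifies the "ip6tables is only set if it existed" case only indirectly, through `assert.Len` on the settings map. Wrap the call as `assert.NoError(t, plug.Init(NewFakeHost(nil), kubeletconfig.HairpinNone, "10.0.0.0/8", network.UseDefaultMTU))`, and for the IPv4-only row add an explicit absence check: `_, ok := sysctl.Settings["net/bridge/bridge-nf-call-ip6tables"]` followed by `assert.False(t, ok)`. Only the sysctl interface is faked here; judging by the `Init` hunk, the test still runs `modprobe br-netfilter` through `utilexec.New()` on the machine executing the tests, which deserves a comment or an injectable exec interface. The rows also leave out the cases where the value is already 1 and where `SetSysctl` returns an error.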