github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #68760 from jessfraz/only-set-sysctl-if-not-set 

pkg/proxy: only set sysctl if not already set
pull/58/head
k8s-ci-robot 2018-09-26 04:56:59 -07:00 committed by GitHub
parent 4404cda7ad f8ba640ced
commit 4ca9fa737e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/kube-proxy/app/conntrack.go
View File

@ -95,9 +95,12 @@ func (rct realConntracker) SetTCPCloseWaitTimeout(seconds int) error {
func (realConntracker) setIntSysCtl(name string, value int) error {
entry := "net/netfilter/" + name
glog.Infof("Set sysctl '%v' to %v", entry, value)
if err := sysctl.New().SetSysctl(entry, value); err != nil {
return err
sys := sysctl.New()
if val, _ := sys.GetSysctl(entry); val != value {
glog.Infof("Set sysctl '%v' to %v", entry, value)
if err := sys.SetSysctl(entry, value); err != nil {
return err
}
}
return nil
}

6
pkg/proxy/iptables/proxier.go
View File

@ -293,8 +293,10 @@ func NewProxier(ipt utiliptables.Interface,
nodePortAddresses []string,
) (*Proxier, error) {
// Set the route_localnet sysctl we need for
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
}
}
// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers

18
pkg/proxy/ipvs/proxier.go
View File

@ -299,8 +299,10 @@ func NewProxier(ipt utiliptables.Interface,
nodePortAddresses []string,
) (*Proxier, error) {
// Set the route_localnet sysctl we need for
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
}
}
// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
@ -311,13 +313,17 @@ func NewProxier(ipt utiliptables.Interface,
}
// Set the conntrack sysctl we need for
if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err)
if val, _ := sysctl.GetSysctl(sysctlVSConnTrack); val != 1 {
if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err)
}
}
// Set the ip_forward sysctl we need for
if err := sysctl.SetSysctl(sysctlForward, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err)
if val, _ := sysctl.GetSysctl(sysctlForward); val != 1 {
if err := sysctl.SetSysctl(sysctlForward, 1); err != nil {
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err)
}
}
// Generate the masquerade mark to use for SNAT rules.