Merge pull request #55004 from ihmccreery/master-sysctl

Automatic merge from submit-queue (batch tested with PRs 55004, 54957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Explicitly set route_localnet on nodes & masters.

Allow for loopback addresses to be used for routing, specifically to
enable metadata proxy on master nodes.



**What this PR does / why we need it**: Enables metadata proxy (#8867) to work on the master.  This is already being done on the nodes by kube-proxy, but this makes it explicit, and sets it on the master where kube-proxy doesn't run.  Thanks to @dnardo for figuring this out!

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: fixes #54736
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

cluster/gce/gci/configure-helper.sh

@@ -34,6 +34,11 @@ function setup-os-params {
 
 function config-ip-firewall {
   echo "Configuring IP firewall rules"
+
+  # Do not consider loopback addresses as martian source or destination while
+  # routing. This enables the use of 127/8 for local routing purposes.
+  sysctl -w net.ipv4.conf.all.route_localnet=1
+
   # The GCI image has host firewall which drop most inbound/forwarded packets.
   # We need to add rules to accept all TCP/UDP/ICMP packets.
   if iptables -L INPUT | grep "Chain INPUT (policy DROP)" > /dev/null; then