Merge pull request #63872 from kad/ipforward

Automatic merge from submit-queue (batch tested with PRs 63589, 63644, 63861, 63872, 63847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

kubeadm preflight check for IPv4 and IPv6 forwarding

**What this PR does / why we need it**: adds preflight check for IP forwarding

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes kubernetes/kubeadm#580

**Special notes for your reviewer**:

**Release note**:
```release-note
kubeadm now checks that IPv4/IPv6 forwarding is enabled
```
pull/8/head
Kubernetes Submit Queue 2018-05-15 17:09:17 -07:00 committed by GitHub
commit 6f286dbc84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 6 deletions


@ -60,6 +60,8 @@ import (
const ( const (
bridgenf = "/proc/sys/net/bridge/bridge-nf-call-iptables" bridgenf = "/proc/sys/net/bridge/bridge-nf-call-iptables"
bridgenf6 = "/proc/sys/net/bridge/bridge-nf-call-ip6tables" bridgenf6 = "/proc/sys/net/bridge/bridge-nf-call-ip6tables"
ipv4Forward = "/proc/sys/net/ipv4/ip_forward"
ipv6DefaultForwarding = "/proc/sys/net/ipv6/conf/default/forwarding"
externalEtcdRequestTimeout = time.Duration(10 * time.Second) externalEtcdRequestTimeout = time.Duration(10 * time.Second)
externalEtcdRequestRetries = 3 externalEtcdRequestRetries = 3
externalEtcdRequestInterval = time.Duration(5 * time.Second) externalEtcdRequestInterval = time.Duration(5 * time.Second)
@ -901,6 +903,7 @@ func RunInitMasterChecks(execer utilsexec.Interface, cfg *kubeadmapi.MasterConfi
if ip.To4() == nil && ip.To16() != nil { if ip.To4() == nil && ip.To16() != nil {
checks = append(checks, checks = append(checks,
FileContentCheck{Path: bridgenf6, Content: []byte{'1'}}, FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
FileContentCheck{Path: ipv6DefaultForwarding, Content: []byte{'1'}},
) )
} }
} }
@ -922,25 +925,27 @@ func RunJoinNodeChecks(execer utilsexec.Interface, cfg *kubeadmapi.NodeConfigura
} }
checks = addCommonChecks(execer, cfg, checks) checks = addCommonChecks(execer, cfg, checks)
var bridgenf6Check Checker addIPv6Checks := false
for _, server := range cfg.DiscoveryTokenAPIServers { for _, server := range cfg.DiscoveryTokenAPIServers {
ipstr, _, err := net.SplitHostPort(server) ipstr, _, err := net.SplitHostPort(server)
if err == nil { if err == nil {
checks = append(checks, checks = append(checks,
HTTPProxyCheck{Proto: "https", Host: ipstr}, HTTPProxyCheck{Proto: "https", Host: ipstr},
) )
if bridgenf6Check == nil { if !addIPv6Checks {
if ip := net.ParseIP(ipstr); ip != nil { if ip := net.ParseIP(ipstr); ip != nil {
if ip.To4() == nil && ip.To16() != nil { if ip.To4() == nil && ip.To16() != nil {
// This check should be added only once addIPv6Checks = true
bridgenf6Check = FileContentCheck{Path: bridgenf6, Content: []byte{'1'}}
} }
} }
} }
} }
} }
if bridgenf6Check != nil { if addIPv6Checks {
checks = append(checks, bridgenf6Check) checks = append(checks,
FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
FileContentCheck{Path: ipv6DefaultForwarding, Content: []byte{'1'}},
)
} }
return RunChecks(checks, os.Stderr, ignorePreflightErrors) return RunChecks(checks, os.Stderr, ignorePreflightErrors)
@ -969,6 +974,7 @@ func addCommonChecks(execer utilsexec.Interface, cfg kubeadmapi.CommonConfigurat
if runtime.GOOS == "linux" { if runtime.GOOS == "linux" {
checks = append(checks, checks = append(checks,
FileContentCheck{Path: bridgenf, Content: []byte{'1'}}, FileContentCheck{Path: bridgenf, Content: []byte{'1'}},
FileContentCheck{Path: ipv4Forward, Content: []byte{'1'}},
SwapCheck{}, SwapCheck{},
InPathCheck{executable: "ip", mandatory: true, exec: execer}, InPathCheck{executable: "ip", mandatory: true, exec: execer},
InPathCheck{executable: "iptables", mandatory: true, exec: execer}, InPathCheck{executable: "iptables", mandatory: true, exec: execer},
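Review bot: The IPv6 check added in RunInitMasterChecks and RunJoinNodeChecks reads `ipv6DefaultForwarding` (`/proc/sys/net/ipv6/conf/default/forwarding`), which, as far as I know, only seeds the value for interfaces created later, so it can read `1` while existing interfaces or the global `conf/all/forwarding` switch still have forwarding off. Consider checking `/proc/sys/net/ipv6/conf/all/forwarding` as well or instead, or at least document the limit at the constant: `// conf/default only applies to interfaces created afterwards; it does not prove forwarding is on for existing ones`. In RunJoinNodeChecks the IPv6 checks are added only when `net.ParseIP(ipstr)` succeeds, so an API server given by hostname, or an entry that fails `net.SplitHostPort`, skips them without any message; a short comment on `addIPv6Checks` saying so would help the next reader. Both function bodies start and end outside the hunks shown.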