From 421379889df996cfbd750f8b087ba5bedc7b8c56 Mon Sep 17 00:00:00 2001 From: George Kraft Date: Fri, 27 Oct 2017 11:04:56 -0500 Subject: [PATCH] Fix iptables FORWARD policy for Docker 1.13 in kubernetes-worker charm --- .../kubernetes-worker/reactive/kubernetes_worker.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py b/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py index d4e25bbf18a..2fc48358e77 100644 --- a/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py +++ b/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py @@ -848,6 +848,16 @@ def missing_kube_control(): hookenv.service_name())) +@when('docker.ready') +def fix_iptables_for_docker_1_13(): + """ Fix iptables FORWARD policy for Docker >=1.13 + https://github.com/kubernetes/kubernetes/issues/40182 + https://github.com/kubernetes/kubernetes/issues/39823 + """ + cmd = ['iptables', '-P', 'FORWARD', 'ACCEPT'] + check_call(cmd) + + def _systemctl_is_active(application): ''' Poll systemctl to determine if the application is running ''' cmd = ['systemctl', 'is-active', application]