Merge pull request #48450 from wwwtyro/rye/lxc-disable-conntrack-max

Automatic merge from submit-queue (batch tested with PRs 48399, 48450, 48144)

configure kube-proxy to run with unset conntrack param when in lxc

**What this PR does / why we need it**: Configures the Juju Charm code to run kube-proxy with `conntrack-max-per-core` set to `0` when in an lxc as a workaround for issues when mounting `/sys/module/nf_conntrack/parameters/hashsize`

**Release note**:

```release-note
Configures the Juju Charm code to run kube-proxy with conntrack-max-per-core set to 0 when in an lxc as a workaround for issues when mounting /sys/module/nf_conntrack/parameters/hashsize
```

cluster/juju/layers/kubernetes-worker/layer.yaml

@@ -22,6 +22,7 @@ options:
       - 'ceph-common'
       - 'nfs-common'
       - 'socat'
+      - 'virt-what'
   tls-client:
     ca_certificate_path: '/root/cdk/ca.crt'
     server_certificate_path: '/root/cdk/server.crt'

cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py

@@ -482,6 +482,9 @@ def configure_worker_services(api_servers, dns, cluster_cidr):
     kube_proxy_opts.add('v', '0')
     kube_proxy_opts.add('master', random.choice(api_servers), strict=True)
 
+    if b'lxc' in check_output('virt-what', shell=True):
+        kube_proxy_opts.add('conntrack-max-per-core', '0')
+
     cmd = ['snap', 'set', 'kubelet'] + kubelet_opts.to_s().split(' ')
     check_call(cmd)
     cmd = ['snap', 'set', 'kube-proxy'] + kube_proxy_opts.to_s().split(' ')