diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 248b2fc2e8b..1aafe9e1ce7 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -269,11 +269,8 @@ func NewProxier(ipt utiliptables.Interface,
 nodePortAddresses []string,
 ) (*Proxier, error) {
 // Set the route_localnet sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
- if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
- }
- klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlRouteLocalnet, 1); err != nil {
+ return nil, err
 }

 // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 67305b8cf11..1b22f8b0cda 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -347,11 +347,8 @@ func NewProxier(ipt utiliptables.Interface,
 kernelHandler KernelHandler,
 ) (*Proxier, error) {
 // Set the route_localnet sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
- if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
- }
- klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlRouteLocalnet, 1); err != nil {
+ return nil, err
 }

 // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
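Review bot: The comment above the new `utilproxy.EnsureSysctl(sysctl, sysctlRouteLocalnet, 1)` call in the iptables `NewProxier` still ends mid-sentence ("we need for"), so nothing at the call site says why route_localnet is switched on. That sysctl stops the kernel from treating 127.0.0.0/8 as martian when routing, which can make services that assume loopback-only reachability reachable through the affected interfaces. The reason and the exposure belong in the comment, for example `// Enable route_localnet so traffic addressed to 127.0.0.1 can be redirected by the proxy rules; this relaxes the kernel's loopback martian check.` (the stated purpose is my assumption and should be confirmed). The same dangling "we need for" comment sits above the route_localnet, conntrack, expire_nodest_conn, expire_quiescent_template, ip_forward, arp_ignore and arp_announce calls in the ipvs hunks. `NewProxier` starts and ends outside these hunks.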
@@ -362,11 +359,8 @@ func NewProxier(ipt utiliptables.Interface,
 }

 // Set the conntrack sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlVSConnTrack); val != 1 {
- if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err)
- }
- klog.V(1).Infof("Set sysctl %q to 1", sysctlVSConnTrack)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlVSConnTrack, 1); err != nil {
+ return nil, err
 }

 kernelVersionStr, err := kernelHandler.GetKernelVersion()
@@ -381,53 +375,35 @@ func NewProxier(ipt utiliptables.Interface,
 klog.Errorf("can't set sysctl %s, kernel version must be at least %s", sysctlConnReuse, connReuseMinSupportedKernelVersion)
 } else {
 // Set the connection reuse mode
- if val, _ := sysctl.GetSysctl(sysctlConnReuse); val != 0 {
- if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err)
- }
- klog.V(1).Infof("Set sysctl %q to 0", sysctlConnReuse)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlConnReuse, 0); err != nil {
+ return nil, err
 }
 }

 // Set the expire_nodest_conn sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlExpireNoDestConn); val != 1 {
- if err := sysctl.SetSysctl(sysctlExpireNoDestConn, 1); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireNoDestConn, err)
- }
- klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireNoDestConn)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlExpireNoDestConn, 1); err != nil {
+ return nil, err
 }

 // Set the expire_quiescent_template sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlExpireQuiescentTemplate); val != 1 {
- if err := sysctl.SetSysctl(sysctlExpireQuiescentTemplate, 1); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireQuiescentTemplate, err)
- }
- klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireQuiescentTemplate)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlExpireQuiescentTemplate, 1); err != nil {
+ return nil, err
 }

 // Set the ip_forward sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlForward); val != 1 {
- if err := sysctl.SetSysctl(sysctlForward, 1); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err)
- }
- klog.V(1).Infof("Set sysctl %q to 1", sysctlForward)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlForward, 1); err != nil {
+ return nil, err
 }

 if strictARP {
 // Set the arp_ignore sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlArpIgnore); val != 1 {
- if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err)
- }
- klog.V(1).Infof("Set sysctl %q to 1", sysctlArpIgnore)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlArpIgnore, 1); err != nil {
+ return nil, err
 }

 // Set the arp_announce sysctl we need for
- if val, _ := sysctl.GetSysctl(sysctlArpAnnounce); val != 2 {
- if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil {
- return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err)
- }
- klog.V(1).Infof("Set sysctl %q to 2", sysctlArpAnnounce)
+ if err := utilproxy.EnsureSysctl(sysctl, sysctlArpAnnounce, 2); err != nil {
+ return nil, err
 }
 }

diff --git a/pkg/proxy/util/BUILD b/pkg/proxy/util/BUILD
index 8f17dea73f8..a7164fc0e00 100644
--- a/pkg/proxy/util/BUILD
+++ b/pkg/proxy/util/BUILD
@@ -12,6 +12,7 @@ go_library(
 visibility = ["//visibility:public"],
 deps = [
 "//pkg/apis/core/v1/helper:go_default_library",
+ "//pkg/util/sysctl:go_default_library",
 "//staging/src/k8s.io/api/core/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/rand:go_default_library",
diff --git a/pkg/proxy/util/utils.go b/pkg/proxy/util/utils.go
index b4f1b4304c1..70d392ac9ef 100644
--- a/pkg/proxy/util/utils.go
+++ b/pkg/proxy/util/utils.go
@@ -29,6 +29,7 @@ import (
 "k8s.io/apimachinery/pkg/util/sets"
 "k8s.io/client-go/tools/record"
 helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
+ utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
 utilnet "k8s.io/utils/net"

 "k8s.io/klog"
@@ -288,3 +289,14 @@ func ShuffleStrings(s []string) []string {
 }
 return shuffled
 }
+
+// EnsureSysctl sets a kernel sysctl to a given numeric value.
+func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error {
+ if oldVal, _ := sysctl.GetSysctl(name); oldVal != newVal {
+ if err := sysctl.SetSysctl(name, newVal); err != nil {
+ return fmt.Errorf("can't set sysctl %s to %d: %v", name, newVal, err)
+ }
+ klog.V(1).Infof("Changed sysctl %q: %d -> %d", name, oldVal, newVal)
+ }
+ return nil
+}
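Review bot: `EnsureSysctl` discards the error from `sysctl.GetSysctl(name)`, so a failed read cannot be told apart from a real value. If a failed read yields 0, the `sysctlConnReuse` call in the ipvs proxier (newVal 0) returns nil without ever writing the setting, and in every other case the "Changed sysctl" log line reports an old value that was never actually read. Keep the error and attempt the write whenever the read fails: `oldVal, err := sysctl.GetSysctl(name)` followed by `if err != nil || oldVal != newVal {`. The doc comment should also state that the write is skipped when the value already matches, for example `// EnsureSysctl sets the kernel sysctl name to newVal unless it already has that value.`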