Merge pull request #54796 from Cynerva/gkk/fix-docker-1.13

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix iptables FORWARD policy for Docker 1.13 in kubernetes-worker charm **What this PR does / why we need it**: This fixes the kubernetes-worker charm to work with Docker >= 1.13 by calling `iptables -P FORWARD ACCEPT`. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: ```release-note Fix iptables FORWARD policy for Docker 1.13 in kubernetes-worker charm ```
2025-07-22 19:31:44 +00:00 · 2017-10-31 03:52:36 -07:00 · 2017-10-31 03:52:36 -07:00 · c2a18cca6b
commit c2a18cca6b
parent ee3a08a772 421379889d
1 changed files with 10 additions and 0 deletions
--- a/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
+++ b/cluster/juju/layers/kubernetes-worker/reactive/kubernetes_worker.py
@ -848,6 +848,16 @@ def missing_kube_control():
            hookenv.service_name()))


+@when('docker.ready')
+def fix_iptables_for_docker_1_13():
+    """ Fix iptables FORWARD policy for Docker >=1.13
+    https://github.com/kubernetes/kubernetes/issues/40182
+    https://github.com/kubernetes/kubernetes/issues/39823
+    """
+    cmd = ['iptables', '-P', 'FORWARD', 'ACCEPT']
+    check_call(cmd)
+
+
 def _systemctl_is_active(application):
    ''' Poll systemctl to determine if the application is running '''
    cmd = ['systemctl', 'is-active', application]