pkg/proxy: only set sysctl if not already set

This will allow for kube-proxy to be run without `privileged` and with only adding the capability `NET_ADMIN`. Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2025-09-16 22:53:22 +00:00 · 2018-09-17 20:25:54 -04:00
parent 817d420d68
commit f8ba640ced
3 changed files with 22 additions and 11 deletions
--- a/cmd/kube-proxy/app/conntrack.go
+++ b/cmd/kube-proxy/app/conntrack.go
@@ -95,9 +95,12 @@ func (rct realConntracker) SetTCPCloseWaitTimeout(seconds int) error {
 func (realConntracker) setIntSysCtl(name string, value int) error {
 	entry := "net/netfilter/" + name

-	glog.Infof("Set sysctl '%v' to %v", entry, value)
-	if err := sysctl.New().SetSysctl(entry, value); err != nil {
-		return err
+	sys := sysctl.New()
+	if val, _ := sys.GetSysctl(entry); val != value {
+		glog.Infof("Set sysctl '%v' to %v", entry, value)
+		if err := sys.SetSysctl(entry, value); err != nil {
+			return err
+		}
 	}
 	return nil
 }