From 1e15243b11182fe6bd843075952beca22b5ccc47 Mon Sep 17 00:00:00 2001
From: Ian Campbell
Date: Tue, 12 Sep 2017 14:27:07 +0100
Subject: [PATCH] kubernetes: Enable net.ipv4.ip_forward
This doesn't seem to be necessary when using Docker Engine as the CRI backend, but in general it is. The sysctl container must be writeable to allow the /etc/sysctl.d/01-kubernetes.conf mount point to be created. See #2503.
Signed-off-by: Ian Campbell
---
 projects/kubernetes/kube-master.yml | 5 +++++
 projects/kubernetes/kube-node.yml | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml
index d1e007f9b..73802f8d0 100644
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@@ -9,6 +9,9 @@ init:
 onboot:
 - name: sysctl
 image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051
+ binds:
+ - /etc/sysctl.d/01-kubernetes.conf:/etc/sysctl.d/01-kubernetes.conf
+ readonly: false
 - name: sysfs
 image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9
 - name: dhcpcd
@@ -60,6 +63,8 @@ services:
 - name: kubelet
 image: linuxkitprojects/kubernetes:c4a6ae5121df50471ad244b9fc153ff5eb674fb2
 files:
+ - path: /etc/sysctl.d/01-kubernetes.conf
+ contents: 'net.ipv4.ip_forward = 1'
 - path: /opt/cni
 directory: true
 - path: /etc/cni
diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml
index 9ae19f239..d815e3e7b 100644
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@@ -9,6 +9,9 @@ init:
 onboot:
 - name: sysctl
 image: linuxkit/sysctl:154913b72c6f1f33eb408609fca9963628e8c051
+ binds:
+ - /etc/sysctl.d/01-kubernetes.conf:/etc/sysctl.d/01-kubernetes.conf
+ readonly: false
 - name: sysfs
 image: linuxkit/sysfs:3ae01a25583ee37a5ff8b09a0e569cb4bd8cf2e9
 - name: dhcpcd
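Review bot: In the first hunk of projects/kubernetes/kube-master.yml (and the identical first hunk of kube-node.yml), `readonly: false` makes the whole root filesystem of the sysctl onboot container writable only so that the bind mount point can be created, and nothing in the YAML records that reason. I would add a comment above it, for example `# writable only so the 01-kubernetes.conf mount point can be created, see #2503`, so the flag is not copied to other containers or left in place once the image provides the mount point. The container presumably only reads the file, so the bind could likely be made read-only, `- /etc/sysctl.d/01-kubernetes.conf:/etc/sysctl.d/01-kubernetes.conf:ro`; confirm that the bind syntax accepts the option here. The onboot list continues outside the hunk.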
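Review bot: The new `/etc/sysctl.d/01-kubernetes.conf` entry in the second hunk of kube-master.yml (and the matching second hunk of kube-node.yml) enables IPv4 forwarding for the whole host, and neither file says what is expected to filter the forwarded traffic. The commit message notes that Docker Engine makes the setting unnecessary; as far as I know Docker sets the FORWARD chain policy to DROP only when it enables ip_forward itself, so pre-setting the sysctl may leave that policy at ACCEPT, which is worth confirming on a booted node. I would add a comment above the entry, for example `# needed for pod networking with non-Docker CRI backends; forwarded traffic is filtered by <COMPONENT - placeholder>`. The files list continues outside the hunk.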
@@ -58,6 +61,8 @@ services:
 - name: kubelet
 image: linuxkitprojects/kubernetes:c4a6ae5121df50471ad244b9fc153ff5eb674fb2
 files:
+ - path: /etc/sysctl.d/01-kubernetes.conf
+ contents: 'net.ipv4.ip_forward = 1'
 - path: /opt/cni
 directory: true
 - path: /etc/cni