This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

fix(cni-networking): Enables br_netfilter kernel module #3484

Merged
merged 1 commit into from
Jul 17, 2018

Conversation

thomastaylor312
Contributor

What this PR does / why we need it:
Without this module, iptables rules do not apply to bridges and network overlays do not function

Release note:

fix(cni-networking): Enables `br_netfilter` kernel module

Without this module, iptables rules do not apply to bridges.
@thomastaylor312
Contributor Author

cc @jessfraz

Contributor

@seanknox seanknox left a comment

LGTM, but waiting to hear from @jessfraz.

@jessfraz
Contributor

ah jeez good find lgtm

@@ -257,6 +257,11 @@ function installCNI() {
tar -xzf $CONTAINERNETWORKING_CNI_TGZ_TMP -C $CNI_BIN_DIR
chown -R root:root $CNI_BIN_DIR
chmod -R 755 $CNI_BIN_DIR
# Turn on br_netfilter (needed for the iptables rules to work on bridges)
# and permanently enable it
modprobe br_netfilter
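Review bot: the comment "and permanently enable it" is not backed by anything visible in this hunk. At `modprobe br_netfilter` the module is loaded for the running kernel only, so unless the lines not shown here persist it, a reboot drops the module and iptables rules stop applying to bridge traffic again. Suggest adding br_netfilter to a file under /etc/modules-load.d/ (or dropping "permanently" from the comment), and checking the exit status of modprobe so that a failed load stops installCNI instead of leaving a node whose bridged traffic bypasses iptables.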
Member

Let's do `retrycmd_if_failure 10 5 10 modprobe br_netfilter` above to appease the runtime provisioning gods.

@codecov

codecov bot commented Jul 17, 2018

Codecov Report

Merging #3484 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #3484   +/-   ##
=======================================
  Coverage   55.94%   55.94%           
=======================================
  Files         105      105           
  Lines       15917    15917           
=======================================
  Hits         8905     8905           
  Misses       6262     6262           
  Partials      750      750

Member

@jackfrancis jackfrancis left a comment

lgtm, I'll add a follow-up PR to wrap modprobe inside a retry loop w/ a distinct CSE error code

@jackfrancis jackfrancis merged commit 016ac18 into Azure:master Jul 17, 2018
jackfrancis pushed a commit that referenced this pull request Jul 17, 2018
Without this module, iptables rules do not apply to bridges.
@thomastaylor312 thomastaylor312 deleted the fix/overlay_networking branch July 18, 2018 17:35
kkmsft pushed a commit to kkmsft/acs-engine that referenced this pull request Jul 20, 2018
Without this module, iptables rules do not apply to bridges.
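
A node-side check for the state this change depends on, as an added example that is not part of the PR or of acs-engine: it reads the `net.bridge.bridge-nf-call-*` sysctls that `br_netfilter` exposes and looks for a load-at-boot entry under `/etc`. The function name and its `ROOT` prefix argument are assumptions, made so the check can also be run against a test tree.

```shell
#!/bin/sh
# Added example (not acs-engine code). ROOT is a hypothetical path prefix
# for testing; call with no argument to inspect the live node.
check_bridge_netfilter() {
    root="${1:-}"
    rc=0

    # These sysctls exist only while the br_netfilter code is present in
    # the kernel. A value of 1 means bridged frames are handed to
    # iptables / ip6tables; 0 or a missing file means they are not.
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        f="$root/proc/sys/net/bridge/$key"
        if [ ! -r "$f" ]; then
            echo "FAIL: net.bridge.$key absent (br_netfilter not loaded)"
            rc=1
        elif [ "$(cat "$f")" != "1" ]; then
            echo "FAIL: net.bridge.$key = $(cat "$f"); bridge traffic skips the filter"
            rc=1
        else
            echo "ok: net.bridge.$key = 1"
        fi
    done

    # modprobe affects the current boot only. Look for a boot-time entry:
    # systemd modules-load.d, or /etc/modules on Debian/Ubuntu.
    # Only /etc is searched; /usr/lib and /run variants are not covered.
    if grep -qsx 'br_netfilter' "$root"/etc/modules-load.d/*.conf \
        "$root/etc/modules"; then
        echo "ok: br_netfilter is configured to load at boot"
    else
        echo "WARN: no boot-time entry found; module is lost on reboot"
        if [ "$rc" -eq 0 ]; then rc=2; fi
    fi

    # 0 = healthy, 1 = filtering not active now, 2 = active but not persistent
    return "$rc"
}
```

Run `check_bridge_netfilter` as root or any user that can read `/proc/sys`; a return code of 2 means the node works now but will regress after a reboot.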