agent: move the iptables bridge forwarding disable to agent register #123

Merged
merged 1 commit into from
Oct 17, 2024

mingshuoqiu
Contributor

The DisableBridgeNF() placed in init() would cause a phantom error message when restarting/killing the network-manager pod. Move it to agent register to prevent the unexpected invocation.

Fixes: 6521629 ("Disable iptables bridge forwarding on initializatio")

Problem:
harvester/harvester#6747

Solution:
Move the DisableBridgeNF() to agent register to prevent the unexpected invocation.

Related Issue:

Test plan:

  1. Manually restart the harvester-network-controller-manager deployment or simply kill off the pod
  2. Check if there's the error message "disable net.bridge.bridge-nf-call-iptables failed, error: open /proc/sys/net/bridge/bridge-nf-call-iptables: read-only file system"

Member

@starbops starbops left a comment

Confirmed that

  • Manager pods no longer crash
  • Only agent pods set the kernel tunable
  • Each node's net.bridge.bridge-nf-call-iptables is 0.

LGTM, thank you.
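
The failure modes discussed in this pull request, as an added Go example that is not the project's code. disableBridgeNF and classify are hypothetical names; the proc mount point is passed in so the write is an explicit call (as from agent registration) rather than an init() side effect, and the read-only case from the test plan is reported separately from a missing tunable.

```go
package main
import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// Tunable named in the PR's test plan, relative to the proc mount.
const bridgeNFRel = "sys/net/bridge/bridge-nf-call-iptables"

// disableBridgeNF is a hypothetical stand-in for the project's DisableBridgeNF():
// it writes 0 under procRoot ("/proc" on a node) and reads the value back.
func disableBridgeNF(procRoot string) error {
	p := filepath.Join(procRoot, bridgeNFRel)
	f, err := os.OpenFile(p, os.O_WRONLY, 0) // no O_CREATE: a missing tunable must fail
	if err != nil {
		return err
	}
	defer f.Close()
	if _, err := f.WriteString("0\n"); err != nil {
		return err
	}
	got, err := os.ReadFile(p)
	if err != nil {
		return err
	}
	if v := strings.TrimSpace(string(got)); v != "0" {
		return fmt.Errorf("%s is %q after write, want 0", p, v)
	}
	return nil
}

// classify separates the expected failure modes so callers can log them distinctly.
func classify(err error) string {
	switch {
	case err == nil:
		return "disabled"
	case errors.Is(err, syscall.EROFS):
		return "read-only /proc/sys"
	case errors.Is(err, os.ErrNotExist):
		return "tunable absent"
	default:
		return "unexpected: " + err.Error()
	}
}
func main() { fmt.Println(classify(disableBridgeNF("/proc"))) }
```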

@starbops starbops merged commit bced981 into harvester:master Oct 17, 2024
4 checks passed
@mingshuoqiu mingshuoqiu deleted the issue_6747 branch October 17, 2024 02:19
@starbops
Member

@mergify backport v0.5.x

mergify bot commented Oct 17, 2024

backport v0.5.x

✅ Backports have been created
