Enable netfilter for bridge, requirement for all CNI that use bridge

https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements Fixes #141
cloudnativelabs · Aug 29, 2017 · ff079d2 · ff079d2
1 parent 5951f55
commit ff079d2
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/app/controllers/network_routes_controller.go b/app/controllers/network_routes_controller.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"net/url"
 	"os/exec"
@@ -94,6 +95,14 @@ func (nrc *NetworkRoutingController) Run(stopCh <-chan struct{}, wg *sync.WaitGr
 		glog.Errorf("Failed to enable IP forwarding of traffic from pods: %s", err.Error())
 	}
 
+	// enable netfilter for the bridge
+	if _, err := exec.Command("modprobe", "br_netfilter").CombinedOutput(); err != nil {
+		glog.Errorf("Failed to enable netfilter for bridge. Network policies and service proxy may not work: %s", err.Error())
+	}
+	if err = ioutil.WriteFile("/proc/sys/net/bridge/bridge-nf-call-iptables", []byte(strconv.Itoa(1)), 0640); err != nil {
+		glog.Errorf("Failed to enable netfilter for bridge. Network policies and service proxy may not work: %s", err.Error())
+	}
+
 	t := time.NewTicker(nrc.syncPeriod)
 	defer t.Stop()
 	defer wg.Done()