starlingx/stx-puppet
Code Issues Proposed changes

Update correct iptable config values in /etc/sysctl.d/k8s.conf

Browse Source 
The /etc/sysctl.d/k8s.conf file is missing the below iptable config
values which causes the error in kubeadm init -
"/proc/sys/net/ipv6/conf/default/forwarding was not set to 1"
during optimized BnR opearion.

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv6.conf.all.forwarding = 1

Recent changes in the below review modified the way Kubernetes is
restored. It exposes the incorrect kernel parameters in stx-puppet.
https://review.opendev.org/c/starlingx/ansible-playbooks/+/890370

This change updates the correct iptable configuration values in the
file /etc/sysctl.d/k8s.conf during bootstrap which fixes the
optimized BnR operation failure.

These settings are intended to exactly align with the settings
already being configured by the bringup-kubemaster task in the
ansible-playbooks.

Test Plan:
PASS: Fresh install ISO as AIO-SX. Verify that /etc/sysctl.d/k8s.conf
      have the correct configuration values.
PASS: Performed optimized BnR on IPv4 enabled AIO-SX.
PASS: Performed optimized BnR on IPv6 enabled AIO-SX.

Closes-Bug: 2038545

Change-Id: I585117190b2372cfd7c978eff9bd9ff6da61a88f
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
This commit is contained in:
Ramesh Kumar Sivanandam 2023-10-03 16:08:43 -04:00
parent e49328c20a
commit 82ca22f5b6
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
puppet-manifests/src/modules/platform/manifests/kubernetes.pp
View File

@ -255,8 +255,14 @@ class platform::kubernetes::kubeadm {
$k8s_topology_mgr_policy = $::platform::kubernetes::params::k8s_topology_mgr_policy
$k8s_pod_max_pids = $::platform::kubernetes::params::k8s_pod_max_pids
$iptables_file = "net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1"
$iptables_file = @("IPTABLE"/L)
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv6.conf.all.forwarding = 1
| IPTABLE
# Configure kubelet cpumanager options
$opts_sys_res = join(['--system-reserved=',