Configure br_netfilter to fix DNS (kubevirt#242)

* Configure br_netfilter to fix DNS Unless the knobs are enabled, DNS replies originate from a wrong IP address, which breaks in-pod DNS resolution. Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com> * Load br_netfilter before setting its sysctl knobs There's a chance the module is not loaded at all. Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com> * Use sysctl instead of /proc to set br_netfilter knobs Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com>
kubevirt-bot · Feb 10, 2020 · b7f8935 · b7f8935
1 parent aee32b2
commit b7f8935
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/cluster-up/cluster/kind/common.sh b/cluster-up/cluster/kind/common.sh
@@ -83,6 +83,15 @@ manifest_docker_prefix=registry:5000/kubevirt
 EOF
 }
 
+function _configure_network() {
+    # modprobe is present inside kind container but may be missing in the
+    # environment running this script, so load the module from inside kind
+    ${NODE_CMD} $1 modprobe br_netfilter
+    for knob in arp ip ip6; do
+        ${NODE_CMD} $1 sysctl -w sys.net.bridge.bridge-nf-call-${knob}tables=1
+    done
+}
+
 function kind_up() {
     _fetch_kind
 
@@ -127,6 +136,7 @@ function kind_up() {
 
     for node in $(_kubectl get nodes --no-headers | awk '{print $1}'); do
         _configure_registry_on_node "$node"
+        _configure_network "$node"
     done
     prepare_config
 }