Fix pods unable to send traffic to ClusterIP

Flannel with VXLAN suffers from a bug[1] where pods on the same node are unable to send traffic to a service's ClusterIP when the endpoint is on the same node. This is due to improper NATTing of the return traffic. The fix is to load the br_netfilter module as specified in the kubernetes doc.[2] [1] https://github.com/flannel-io/flannel/issues/1702 [2] https://kubernetes.io/docs/setup/production-environment/container-runtimes/#forwarding-ipv4-and-letting-iptables-see-bridged-traffic Change-Id: Ic182bba9d480421c2cb581558ebde8dfb20421c8
2023-03-09 23:57:15 +11:00 · 2023-03-09 23:57:15 +11:00 · ae7a50e2af
parent b7092d312a
commit ae7a50e2af
2 changed files with 11 additions and 4 deletions
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@ -41,8 +41,11 @@ EOF
        systemctl restart NetworkManager
    fi
 elif [ "$NETWORK_DRIVER" = "flannel" ]; then
-    $ssh_cmd modprobe vxlan
-    echo "vxlan" > /etc/modules-load.d/vxlan.conf
+    $ssh_cmd modprobe -a vxlan br_netfilter
+    cat <<EOF > /etc/modules-load.d/flannel.conf
+vxlan
+br_netfilter
+EOF
 fi


--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@ -47,8 +47,12 @@ EOF
        $ssh_cmd systemctl restart NetworkManager
    fi
 elif [ "$NETWORK_DRIVER" = "flannel" ]; then
-    $ssh_cmd modprobe vxlan
-    echo "vxlan" > /etc/modules-load.d/vxlan.conf
+    $ssh_cmd modprobe -a vxlan br_netfilter
+    cat <<EOF > /etc/modules-load.d/flannel.conf
+vxlan
+br_netfilter
+EOF
+
 fi

 mkdir -p /srv/magnum/kubernetes/