mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
Improve ip6 system setup & utilities
This commit is contained in:
Erik Wilson
parent
9823f60605
commit
afa9422ad9
@ -52,10 +52,6 @@ func run(ctx context.Context, cfg cmds.Agent, lb *loadbalancer.LoadBalancer) err
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := syssetup.Configure(); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := tunnel.Setup(ctx, nodeConfig, lb.Update); err != nil {
|
if err := tunnel.Setup(ctx, nodeConfig, lb.Update); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -90,6 +86,7 @@ func Run(ctx context.Context, cfg cmds.Agent) error {
|
|||||||
if err := validate(); err != nil {
|
if err := validate(); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
syssetup.Configure()
|
||||||
|
|
||||||
if cfg.Rootless && !cfg.RootlessAlreadyUnshared {
|
if cfg.Rootless && !cfg.RootlessAlreadyUnshared {
|
||||||
if err := rootless.Rootless(cfg.DataDir); err != nil {
|
if err := rootless.Rootless(cfg.DataDir); err != nil {
|
||||||
|
|||||||
@ -8,11 +8,6 @@ import (
|
|||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
|
||||||
callIPTablesFile = "/proc/sys/net/bridge/bridge-nf-call-iptables"
|
|
||||||
forward = "/proc/sys/net/ipv4/ip_forward"
|
|
||||||
)
|
|
||||||
|
|
||||||
func loadKernelModule(moduleName string) {
|
func loadKernelModule(moduleName string) {
|
||||||
if _, err := os.Stat("/sys/module/" + moduleName); err == nil {
|
if _, err := os.Stat("/sys/module/" + moduleName); err == nil {
|
||||||
logrus.Infof("module %s was already loaded", moduleName)
|
logrus.Infof("module %s was already loaded", moduleName)
|
||||||
@ -24,20 +19,19 @@ func loadKernelModule(moduleName string) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func Configure() error {
|
func enableSystemControl(file string) {
|
||||||
loadKernelModule("br_netfilter")
|
if err := ioutil.WriteFile(file, []byte("1"), 0640); err != nil {
|
||||||
|
logrus.Warnf("failed to write value 1 at %s: %v", file, err)
|
||||||
if err := ioutil.WriteFile(callIPTablesFile, []byte("1"), 0640); err != nil {
|
|
||||||
logrus.Warnf("failed to write value 1 at %s: %v", callIPTablesFile, err)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
if err := ioutil.WriteFile(forward, []byte("1"), 0640); err != nil {
|
|
||||||
logrus.Warnf("failed to write value 1 at %s: %v", forward, err)
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Configure() {
|
||||||
loadKernelModule("overlay")
|
loadKernelModule("overlay")
|
||||||
loadKernelModule("nf_conntrack")
|
loadKernelModule("nf_conntrack")
|
||||||
|
loadKernelModule("br_netfilter")
|
||||||
|
|
||||||
return nil
|
enableSystemControl("/proc/sys/net/ipv4/ip_forward")
|
||||||
|
enableSystemControl("/proc/sys/net/ipv6/conf/all/forwarding")
|
||||||
|
enableSystemControl("/proc/sys/net/bridge/bridge-nf-call-iptables")
|
||||||
|
enableSystemControl("/proc/sys/net/bridge/bridge-nf-call-ip6tables")
|
||||||
}
|
}
|
||||||
|
|||||||
@ -12,6 +12,9 @@ mkdir -p ${CHARTS_DIR}
|
|||||||
|
|
||||||
curl --compressed -sfL https://github.com/rancher/k3s-root/releases/download/${ROOT_VERSION}/k3s-root-${ARCH}.tar | tar xf -
|
curl --compressed -sfL https://github.com/rancher/k3s-root/releases/download/${ROOT_VERSION}/k3s-root-${ARCH}.tar | tar xf -
|
||||||
ln -sf pigz bin/unpigz
|
ln -sf pigz bin/unpigz
|
||||||
|
for target in iptables iptables-save iptables-restore ip6tables ip6tables-save ip6tables-restore; do
|
||||||
|
ln -sf xtables-legacy-multi bin/$target
|
||||||
|
done
|
||||||
mkdir -p bin/aux && rm bin/mount && ln -sf ../busybox bin/aux/mount
|
mkdir -p bin/aux && rm bin/mount && ln -sf ../busybox bin/aux/mount
|
||||||
|
|
||||||
TRAEFIK_FILE=traefik-${TRAEFIK_VERSION}.tgz
|
TRAEFIK_FILE=traefik-${TRAEFIK_VERSION}.tgz
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user