Maksytka/kind
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kind.git synced 2025-12-01 07:26:05 +07:00
Code Issues Packages Projects Releases Wiki Activity
Files
b98dc21ad34b779d35896991cefa91e6b6fb4fbc
kind/images/base/files/etc/sysctl.d/10-network-magic.conf
Shane Utt 5e66ec05a5 fix: set opinionated arp_ignore in base image 
Some Linux distributions set this to 2 or higher, which will break
kindnet (specifically the ptp plugin). We now set this in our base
image in an opinionated way so that the host system no longer
decides the value as it might inadvertantly break kind networking.

Signed-off-by: Shane Utt <shaneutt@linux.com>
2025-03-11 11:16:31 -04:00

26 lines
1.5 KiB
Plaintext
Raw Blame History

# Do not consider loopback addresses as martian source or destination while routing
# - Docker with custom networks uses an embedded DNS server with address 172.0.0.11
# - Kubernetes pods mount the node resolv.conf, so they can't use a loopack address
# that is only reachable from the node.
#
# KIND rewrites the well-known docker DNS address 127.0.0.11 by a non-loopback address.
# The DNS traffic coming from a pod will have to route to a localhost address to be NATed,
# hence we have to enable route_localnet or pods DNS will not work.
# Kubernetes mitigates the possible security issue caused by enabling this option.
# ref: https://nvd.nist.gov/vuln/detail/CVE-2020-8558
net.ipv4.conf.all.route_localnet=1
# The global kernel parameter net.ipv4.conf.all.arp_ignore governs the
# conditions under which ARP requests will be accepted or ignored. This global
# setting will override any individual interface settings. Some host systems
# might set this global parameter to a more restrictive setting of 2 (or
# greater). Specifically, in mode 2, the system ignores ARP requests directed to
# /32 addresses (this is what kindnet assigns to its veth interfaces) because
# the request originates from a different subnet. This behavior breaks routing
# for kindnet (specifically the ptp plugin), so we opinionatedly set this to 0
# when kindnet is in use to ensure proper networking.
#
# For more information see:
# https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html#arp_ignore
net.ipv4.conf.all.arp_ignore=0
Reference in New Issue View Git Blame Copy Permalink