From 38aee8b10085d045acae7e8f9d6c5c7749168805 Mon Sep 17 00:00:00 2001 From: Chris Chiu Date: Wed, 16 Oct 2024 10:04:15 +0800 Subject: [PATCH] agent: move the iptables bridge forwarding disable to agent register The DisableBridgeNF() placed in init() would cause phantom error message while restart/kill the network-manager pod. Move it to agent register to prevent the unexpected invoke. Fixes: 652162909d48 ("Disable iptables bridge forwarding on initializatio") (cherry picked from commit bced981ba965e65fed1e63fc8430d62eef972d1b) --- pkg/controller/agent/vlanconfig/controller.go | 11 +++++++++++ pkg/network/vlan/vlan.go | 6 ------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/pkg/controller/agent/vlanconfig/controller.go b/pkg/controller/agent/vlanconfig/controller.go index 4f1ff9266..a81f7ec1f 100644 --- a/pkg/controller/agent/vlanconfig/controller.go +++ b/pkg/controller/agent/vlanconfig/controller.go @@ -62,6 +62,10 @@ func Register(ctx context.Context, management *config.Management) error { cnCache: cns.Cache(), } + if err := handler.initialize(); err != nil { + return fmt.Errorf("initialize error: %w", err) + } + vcs.OnChange(ctx, ControllerName, handler.OnChange) vcs.OnRemove(ctx, ControllerName, handler.OnRemove) @@ -121,6 +125,13 @@ func (h Handler) OnRemove(_ string, vc *networkv1.VlanConfig) (*networkv1.VlanCo return vc, nil } +func (h Handler) initialize() error { + if err := iface.DisableBridgeNF(); err != nil { + return fmt.Errorf("disable net.bridge.bridge-nf-call-iptables failed, error: %v", err) + } + return nil +} + // MatchNode will also return the executed vlanconfig with the same clusterNetwork on this node if existing func (h Handler) MatchNode(vc *networkv1.VlanConfig) (bool, error) { if vc.Annotations == nil || vc.Annotations[utils.KeyMatchedNodes] == "" { diff --git a/pkg/network/vlan/vlan.go b/pkg/network/vlan/vlan.go index e35340850..8687102bc 100644 --- a/pkg/network/vlan/vlan.go +++ b/pkg/network/vlan/vlan.go @@ -142,9 +142,3 @@ func (v *Vlan) Bridge() *iface.Bridge { func (v *Vlan) Uplink() *iface.Link { return v.uplink } - -func init() { - if err := iface.DisableBridgeNF(); err != nil { - klog.Fatalf("disable net.bridge.bridge-nf-call-iptables failed, error: %v", err) - } -}