Enable IPv4/IPv6 forwarding on demand automatically

Although it has been documented as a prerequisite in [1], there are some platforms not enabling ip forwarding by default. kube-proxy ipvs mode and some CNIs enable it by themselves to ensure Pod networking work properly. As Antrea needs IP forwarding to be enabled, there seems no reason to not do it by itself, rather than expecting users or other components to do it. [1] https://kubernetes.io/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites Signed-off-by: Quan Tian <[email protected]>
antrea-io · Jan 12, 2024 · b237f7c · b237f7c
1 parent fca0e7e
commit b237f7c
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/pkg/agent/route/route_linux.go b/pkg/agent/route/route_linux.go
@@ -182,15 +182,17 @@ func (c *Client) Initialize(nodeConfig *config.NodeConfig, done func()) error {
 		return fmt.Errorf("failed to initialize ip routes: %v", err)
 	}
 
+	// Ensure IPv4 forwarding is enabled if it is a dual-stack or IPv4-only cluster.
+	if c.nodeConfig.NodeIPv4Addr != nil {
+		if err := sysctl.EnsureSysctlNetValue("ipv4/ip_forward", 1); err != nil {
+			return fmt.Errorf("failed to enable IPv4 forwarding: %w", err)
+		}
+	}
+
 	// Ensure IPv6 forwarding is enabled if it is a dual-stack or IPv6-only cluster.
 	if c.nodeConfig.NodeIPv6Addr != nil {
-		sysctlFilename := "ipv6/conf/all/forwarding"
-		v, err := sysctl.GetSysctlNet(sysctlFilename)
-		if err != nil {
-			return fmt.Errorf("failed to read value of sysctl file: %s", sysctlFilename)
-		}
-		if v != 1 {
-			return fmt.Errorf("IPv6 forwarding is not enabled")
+		if err := sysctl.EnsureSysctlNetValue("ipv6/conf/all/forwarding", 1); err != nil {
+			return fmt.Errorf("failed to enable IPv6 forwarding: %w", err)
 		}
 	}