From afc54224aa7e4ce1e668fbe925b599163d4d4b5a Mon Sep 17 00:00:00 2001
From: Xiaoyu Zhong <topaz.zhong@gmail.com>
Date: Tue, 14 Jan 2020 18:00:55 +0800
Subject: [PATCH] Fix net.bridge setting for Flannel on CentOS 7

---
 nodeup/pkg/model/sysctls.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/nodeup/pkg/model/sysctls.go b/nodeup/pkg/model/sysctls.go
index 6949035c561ea..531bcb8967040 100644
--- a/nodeup/pkg/model/sysctls.go
+++ b/nodeup/pkg/model/sysctls.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"strings"
 
+	"k8s.io/kops/nodeup/pkg/distros"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
@@ -117,6 +118,23 @@ func (b *SysctlBuilder) Build(c *fi.ModelBuilderContext) error {
 		)
 	}
 
+	// Running Flannel on CentOS 7 needs custom settings
+	if b.Cluster.Spec.Networking.Flannel != nil {
+		proxyMode := b.Cluster.Spec.KubeProxy.ProxyMode
+		if proxyMode == "" {
+			proxyMode = "iptables"
+		}
+
+		if proxyMode == "iptables" && b.Distribution == distros.DistributionCentos7 {
+			sysctls = append(sysctls,
+				"# Flannel settings on CentOS 7",
+				"# Issue https://github.com/coreos/flannel/issues/902",
+				"net.bridge.bridge-nf-call-ip6tables=1",
+				"net.bridge.bridge-nf-call-iptables=1",
+				"")
+		}
+	}
+
 	if b.Cluster.Spec.CloudProvider == string(kops.CloudProviderAWS) {
 		sysctls = append(sysctls,
 			"# AWS settings",