Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-19 15:56:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

image: use all of cilium's sysctl overrides (#2532)

Browse Source
This commit is contained in:
3u13r 2023-10-30 11:19:58 +01:00 committed by GitHub
parent 21cfb40e98
commit 618da92c7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
image/base/mkosi.skeleton/usr/lib/sysctl.d/10-cilium.conf
View File

@ -1,3 +0,0 @@
# See https://github.com/cilium/cilium/issues/10645
net.ipv4.conf.lxc*.rp_filter = 0
net.ipv4.conf.cilium_*.rp_filter = 0

8
image/base/mkosi.skeleton/usr/lib/sysctl.d/99-zzz-override_cilium.conf Normal file
View File

@ -0,0 +1,8 @@
# See https://github.com/cilium/cilium/issues/10645
# and https://github.com/cilium/cilium/blame/898a632e3c3b64eaa0f23ebde5a069e87373c59b/tools/sysctlfix/main.go#L41
# Disable rp_filter on Cilium interfaces since it may cause mangled packets to be dropped
-net.ipv4.conf.lxc*.rp_filter = 0
-net.ipv4.conf.cilium_*.rp_filter = 0
# The kernel uses max(conf.all, conf.{dev}) as its value, so we need to set .all. to 0 as well.
# Otherwise it will overrule the device specific settings.
net.ipv4.conf.all.rp_filter = 0