Fix flannel support on Fedora CoreOS

* Fedora CoreOS now ships systemd-udev's `default.link` while
Flannel relies on being able to pick its own MAC address for
the `flannel.1` link for tunneled traffic to reach cni0 on
the destination side, without being dropped
* This change first appeared in FCOS testing-devel 32.20200624.20.1
and is the behavior going forward in FCOS since it was added
to align FCOS network naming / configs with the rest of Fedora
and address issues related to the default being missing
* Flatcar Linux (and Container Linux) has a specific flannel.link
configuration builtin, so it was not affected
* https://github.com/coreos/fedora-coreos-tracker/issues/574#issuecomment-665487296

Note: Typhoon's recommended and default CNI provider is Calico,
unless `networking` is set to flannel directly.
This commit is contained in:
Dalton Hubble 2020-08-01 21:00:39 -07:00
parent 2aef42d4f6
commit 78e6409bd0
11 changed files with 77 additions and 0 deletions

View File

@ -8,6 +8,13 @@ Notable changes between versions.
* Update CoreDNS from v1.6.7 to [v1.7.0](https://coredns.io/2020/06/15/coredns-1.7.0-release/) * Update CoreDNS from v1.6.7 to [v1.7.0](https://coredns.io/2020/06/15/coredns-1.7.0-release/)
* Update Cilium from v1.8.1 to [v1.8.2](https://github.com/cilium/cilium/releases/tag/v1.8.2) * Update Cilium from v1.8.1 to [v1.8.2](https://github.com/cilium/cilium/releases/tag/v1.8.2)
### Fedora CoreOS
* Fix support for Flannel with Fedora CoreOS ([#795](https://github.com/poseidon/typhoon/pull/795))
* Fedora CoreOS fixes to align network interface defaults altered MAC address assignment for
the `flannel.1` interface in a way that caused flannel to drop pod-to-pod traffic
* Configure flannel interfaces explicitly
#### Addons #### Addons
* Update Prometheus from v2.19.2 to [v2.20.0](https://github.com/prometheus/prometheus/releases/tag/v2.20.0) * Update Prometheus from v2.19.2 to [v2.20.0](https://github.com/prometheus/prometheus/releases/tag/v2.20.0)

View File

@ -183,6 +183,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -110,6 +110,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -182,6 +182,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -109,6 +109,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -193,6 +193,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -111,6 +111,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -189,6 +189,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -114,6 +114,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -182,6 +182,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |

View File

@ -109,6 +109,13 @@ storage:
inline: | inline: |
net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.*.rp_filter=0 net.ipv4.conf.*.rp_filter=0
- path: /etc/systemd/network/50-flannel.link
contents:
inline: |
[Match]
OriginalName=flannel*
[Link]
MACAddressPolicy=none
- path: /etc/systemd/system.conf.d/accounting.conf - path: /etc/systemd/system.conf.d/accounting.conf
contents: contents:
inline: | inline: |