reflect ignore-loose-rpf requirement on lxd
Bug #2032986 reported by
Kevin W Monroe
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Calico Charm |
Triaged
|
Medium
|
Nick Veitch | ||
Bug Description
The ck8s release notes say:
Calico and related charms (Canal, Tigera Secure EE) also have a new
`ignore-loose-rpf` configuration option. By default, for security, these charms check
that the kernel has strict reverse path forwarding set (`net.ipv4.
set to `0` or `1`). In some circumstances you may need to set this to 2, in which case
you can now set `ignore-
But we don't expand on what circumstances that config is needed/useful. It'd be nice to update the config.yaml description for `ignore-loose-rpf` to note that it is required for calico in lxd, since we can't manipulate the host rp_filter sysctl value in a lxc container.
| Changed in charm-calico: | |
| milestone: | none → 1.29 |
| status: | New → Triaged |
| importance: | Undecided → Medium |
Revision history for this message
| Samuel Walladge (swalladge) wrote | #1 |
| Changed in charm-calico: | |
| assignee: | nobody → Nick Veitch (evilnick) |
| status: | Triaged → Fix Committed |
| status: | Fix Committed → Triaged |
Revision history for this message
| Kevin W Monroe (kwmonroe) wrote | #2 |
To post a comment you must log in.
I opened a pull request to the charmed k8s docs on deploying in lxd, to note this workaround. https:/