From 8f1a81720a8be1b614065c3d2814a7a67e9194cb Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 20 Jan 2018 02:05:21 +0100
Subject: kube-proxy needs bridge-nf-call-iptables to be set

---
 roles/kubernetes-net/templates/ifupdown.sh.j2 | 1 +
 1 file changed, 1 insertion(+)

(limited to 'roles/kubernetes-net')

diff --git a/roles/kubernetes-net/templates/ifupdown.sh.j2 b/roles/kubernetes-net/templates/ifupdown.sh.j2
index 9bc82325..eef1b22f 100644
--- a/roles/kubernetes-net/templates/ifupdown.sh.j2
+++ b/roles/kubernetes-net/templates/ifupdown.sh.j2
@@ -24,6 +24,7 @@ case "$1" in
     ip addr add dev "$BR_IF" "$BR_IP_CIDR"
     ip link set up dev "$BR_IF"
     iptables -t nat -A POSTROUTING -s "$BR_NET_CIDR" -o "$INET_IF" -j MASQUERADE
+    modprobe br_netfilter
 
     # bring up wireguard tunnel to other nodes
     ip link add dev "$TUN_IF" type wireguard
-- 
cgit v1.2.3