Added KB, which describes the problem of unreachability of the Harvester VIP from the VMs created within Harvester itself with the workaround.

[glovecchi0]

Added KB, which describes the problem of unreachability of the Harvester VIP from the VMs created within Harvester itself with the workaround.

[netlify]

✅ Deploy Preview for harvester-home-preview ready!

Name	Link
🔨 Latest commit	d299e40
🔍 Latest deploy log	https://app.netlify.com/sites/harvester-home-preview/deploys/65265e785c1dda00080e38e3
😎 Deploy Preview	https://deploy-preview-46--harvester-home-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[connorkuehl]

I've been investigating this issue on the Harvester side, and I don't fully understand the impact of this recommendation.

For example, RKE1 and RKE2 both specifically set this sysctl to 1, presumably because the Kubernetes documentation[1] states:

For plugin developers and users who regularly build or deploy Kubernetes, the plugin may also need specific configuration to support kube-proxy. The iptables proxy depends on iptables, and the plugin may need to ensure that container traffic is made available to iptables. For example, if the plugin connects containers to a Linux bridge, the plugin must set the net/bridge/bridge-nf-call-iptables sysctl to 1 to ensure that the iptables proxy functions correctly.

and we definitely make use of the bridge CNI plugin.

Do you have any insight or pointers to any relevant docs to help us better understand the implication of setting this sysctl to 0?

[1] https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#network-plugin-requirements