agent: move the iptables bridge forwarding disable to agent register

The DisableBridgeNF() placed in init() would cause phantom error message while restart/kill the network-manager pod. Move it to agent register to prevent the unexpected invoke. Fixes: 6521629 ("Disable iptables bridge forwarding on initializatio")
harvester · Oct 17, 2024 · bced981 · bced981
1 parent f81a622
commit bced981
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/pkg/controller/agent/vlanconfig/controller.go b/pkg/controller/agent/vlanconfig/controller.go
@@ -62,6 +62,10 @@ func Register(ctx context.Context, management *config.Management) error {
 		cnCache:    cns.Cache(),
 	}
 
+	if err := handler.initialize(); err != nil {
+		return fmt.Errorf("initialize error: %w", err)
+	}
+
 	vcs.OnChange(ctx, ControllerName, handler.OnChange)
 	vcs.OnRemove(ctx, ControllerName, handler.OnRemove)
 
@@ -121,6 +125,13 @@ func (h Handler) OnRemove(_ string, vc *networkv1.VlanConfig) (*networkv1.VlanCo
 	return vc, nil
 }
 
+func (h Handler) initialize() error {
+	if err := iface.DisableBridgeNF(); err != nil {
+		return fmt.Errorf("disable net.bridge.bridge-nf-call-iptables failed, error: %v", err)
+	}
+	return nil
+}
+
 // MatchNode will also return the executed vlanconfig with the same clusterNetwork on this node if existing
 func (h Handler) MatchNode(vc *networkv1.VlanConfig) (bool, error) {
 	if vc.Annotations == nil || vc.Annotations[utils.KeyMatchedNodes] == "" {

diff --git a/pkg/network/vlan/vlan.go b/pkg/network/vlan/vlan.go
@@ -142,9 +142,3 @@ func (v *Vlan) Bridge() *iface.Bridge {
 func (v *Vlan) Uplink() *iface.Link {
 	return v.uplink
 }
-
-func init() {
-	if err := iface.DisableBridgeNF(); err != nil {
-		klog.Fatalf("disable net.bridge.bridge-nf-call-iptables failed, error: %v", err)
-	}
-}