From 4b9b28ddb7ffbbf1a0ed78c64a4fd02f56cc9960 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 11 Apr 2026 21:51:42 +1000 Subject: [PATCH] chore: disable rp_filter on k8s nodes (#461) - k8s control/compute are multihomed, must disable rp_filter Reviewed-on: https://git.unkin.net/unkin/puppet-prod/pulls/461 --- hieradata/roles/infra/k8s.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hieradata/roles/infra/k8s.yaml b/hieradata/roles/infra/k8s.yaml index caa9c73..5d340ac 100644 --- a/hieradata/roles/infra/k8s.yaml +++ b/hieradata/roles/infra/k8s.yaml @@ -126,6 +126,13 @@ frrouting::ospf_exclude_k8s_enable: true frrouting::k8s_cluster_cidr: '10.42.0.0/16' # RKE2 cluster-cidr (pods) frrouting::k8s_service_cidr: '10.43.0.0/16' # RKE2 service-cidr +# sysctl recommendations +sysctl::base::values: + net.ipv4.conf.default.rp_filter: + value: '0' + net.ipv4.conf.all.rp_filter: + value: '0' + # add loopback interfaces to ssh list ssh::server::options: ListenAddress:
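Review bot: Both keys added under `sysctl::base::values` set `rp_filter` to '0', which switches reverse-path source validation off entirely instead of relaxing it. For multihomed nodes with asymmetric return paths, loose mode (`value: '2'`, the RFC 3704 loose check) may be enough, and it still drops packets whose source address has no route at all. If '0' is required by the CNI or routing setup, replace the generic `# sysctl recommendations` comment with the reason, e.g. `# rp_filter off: multihomed k8s nodes, asymmetric return paths (#461)`, and confirm that spoofed-source filtering is enforced somewhere else, such as the host firewall or the upstream router. The kernel applies the higher of `conf.all` and `conf.<iface>`, and `conf.default` only seeds interfaces created later, so an interface that already holds 1 or 2 will probably stay filtered until it is set explicitly or the node is rebooted. The `ssh::server::options` mapping at the end of the hunk continues outside it.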