From eeb3b9f7e15b9b525b5c664ff1a97921e5488693 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Mon, 5 Dec 2016 20:14:05 +0300
Subject: [PATCH] Fix ipv4 forwarding on GCE

ipv4 forwarding gets broken when restarting networking, which
breaks all networking for all pods.
---
 roles/kubernetes/preinstall/tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 346a894e6..9c7d34c27 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -69,6 +69,17 @@
 - include: azure-credential-check.yml
   when: cloud_provider is defined and cloud_provider == 'azure'
 
+- name: Fix ipv4 forward rule in GCE security policy
+  lineinfile:
+    dest: /etc/sysctl.d/11-gce-network-security.conf
+    regexp: '^net.ipv4.ip_forward='
+    line: 'net.ipv4.ip_forward=1'
+    state: present
+    create: yes
+    backup: yes
+    validate: 'sysctl -f %s'
+  when: cloud_provider is defined and cloud_provider == 'gce'
+
 - name: Create cni directories
   file:
     path: "{{ item }}"