From a08d82d94e59f6361345699df0f6bb991758489a Mon Sep 17 00:00:00 2001
From: zhengtianbao <china.zhengtianbao@gmail.com>
Date: Fri, 12 Nov 2021 21:06:46 -0600
Subject: [PATCH] calico add support for container ip forwarding setting
 (#8184)

---
 roles/network_plugin/calico/defaults/main.yml                | 3 +++
 roles/network_plugin/calico/templates/cni-calico.conflist.j2 | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index ac1229c02..4b0ca6669 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -123,3 +123,6 @@ calico_bgp_listen_port: 179
 # Calico FelixConfiguration options
 calico_felix_reporting_interval: 0s
 calico_felix_log_severity_screen: Info
+
+# Calico container settings
+calico_allow_ip_forwarding: false
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
index bc92f7009..acac05f51 100644
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -38,6 +38,11 @@
         "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"]
       },
 {% endif %}
+{% if calico_allow_ip_forwarding %}
+      "container_settings": {
+        "allow_ip_forwarding": true
+      },
+{% endif %}
 {% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
       "feature_control": {
         {% for fc in calico_feature_control -%}
-- 
GitLab