Enable netfilter for bridge, requirement for all CNI that use bridge

https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements

Fixes #141

Author: murali-reddy

app/controllers/network_routes_controller.go

@@ -3,6 +3,7 @@ package controllers
 import (
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"net/url"
 	"os/exec"
@@ -94,6 +95,14 @@ func (nrc *NetworkRoutingController) Run(stopCh <-chan struct{}, wg *sync.WaitGr
 		glog.Errorf("Failed to enable IP forwarding of traffic from pods: %s", err.Error())
 	}
 
+	// enable netfilter for the bridge
+	if _, err := exec.Command("modprobe", "br_netfilter").CombinedOutput(); err != nil {
+		glog.Errorf("Failed to enable netfilter for bridge. Network policies and service proxy may not work: %s", err.Error())
+	}
+	if err = ioutil.WriteFile("/proc/sys/net/bridge/bridge-nf-call-iptables", []byte(strconv.Itoa(1)), 0640); err != nil {
+		glog.Errorf("Failed to enable netfilter for bridge. Network policies and service proxy may not work: %s", err.Error())
+	}
+
 	t := time.NewTicker(nrc.syncPeriod)
 	defer t.Stop()
 	defer wg.Done()