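--- a/pkg/preflights/host-preflight.yaml
+++ b/pkg/preflights/host-preflight.yaml
@@ -869,7 +869,7 @@ spec:
 outcomes:
 - fail:
 when: "true"
-message: The node IP {{ .NodeIP }} must not be within the Pod CIDR range {{ .PodCIDR.CIDR }}. Choose a different Pod CIDR or network interface.
+message: The node IP {{ .NodeIP }} cannot be within the Pod CIDR range {{ .PodCIDR.CIDR }}. Use --pod-cidr to specify a different Pod CIDR, or use --network-interface to specify a different network interface.
 - pass:
 when: "false"
 message: The node IP {{ .NodeIP }} is not within the Pod CIDR range {{ .PodCIDR.CIDR }}.
@@ -881,7 +881,7 @@ spec:
 outcomes:
 - fail:
 when: "true"
-message: The node IP {{ .NodeIP }} must not be within the Service CIDR range {{ .ServiceCIDR.CIDR }}. Choose a different Service CIDR or network interface.
+message: The node IP {{ .NodeIP }} cannot be within the Service CIDR range {{ .ServiceCIDR.CIDR }}. Use --service-cidr to specify a different Service CIDR, or use --network-interface to specify a different network interface.
 - pass:
 when: "false"
 message: The node IP {{ .NodeIP }} is not within the Service CIDR range {{ .ServiceCIDR.CIDR }}.
@@ -893,7 +893,7 @@ spec:
 outcomes:
 - fail:
 when: "true"
-message: The node IP {{ .NodeIP }} must not be within the Global CIDR range {{ .GlobalCIDR.CIDR }}. Choose a different CIDR or network interface.
+message: The node IP {{ .NodeIP }} cannot be within the CIDR range {{ .GlobalCIDR.CIDR }}. Use --cidr to specify a different CIDR block of available private IP addresses (/16 or larger), or use --network-interface to specify a different network interface.
 - pass:
 when: "false"
 message: The node IP {{ .NodeIP }} is not within the Global CIDR range {{ .GlobalCIDR.CIDR }}.
@@ -902,61 +902,61 @@ spec:
 outcomes:
 - fail:
 when: 'net.ipv4.conf.default.arp_filter > 0'
-message: "ARP filtering must be disabled by default for newly created interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_filter=0', and run 'sudo sysctl -p'."
+message: "ARP filtering must be disabled by default for newly created interfaces. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_filter=0', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.default.arp_filter == 0'
-message: "ARP filtering is disabled by default for newly created interfaces on the host."
+message: "ARP filtering is disabled by default for newly created interfaces."
 - sysctl:
 checkName: "ARP Filter value for all interfaces"
 outcomes:
 - fail:
 when: 'net.ipv4.conf.all.arp_filter > 0'
-message: "ARP filtering must be disabled for all interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_filter=0', and run 'sudo sysctl -p'."
+message: "ARP filtering must be disabled for all interfaces. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_filter=0', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.all.arp_filter == 0'
-message: "ARP filtering is disabled for all interfaces on the host."
+message: "ARP filtering is disabled for all interfaces."
 - sysctl:
 checkName: "ARP Ignore default value for newly created interfaces"
 outcomes:
 - fail:
 when: 'net.ipv4.conf.default.arp_ignore > 0'
-message: "ARP ignore must be disabled by default for newly created interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_ignore=0', and run 'sudo sysctl -p'."
+message: "ARP ignore must be disabled by default for newly created interfaces. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_ignore=0', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.default.arp_ignore == 0'
-message: "ARP ignore is disabled by default for newly created interfaces on the host."
+message: "ARP ignore is disabled by default for newly created interfaces."
 - sysctl:
 checkName: "ARP Ignore value for all interfaces"
 outcomes:
 - fail:
 when: 'net.ipv4.conf.all.arp_ignore > 0'
-message: "ARP ignore must be disabled for all interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_ignore=0', and run 'sudo sysctl -p'."
+message: "ARP ignore must be disabled for all interfaces. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_ignore=0', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.all.arp_ignore == 0'
-message: "ARP ignore is disabled for all interfaces on the host."
+message: "ARP ignore is disabled for all interfaces."
 - sysctl:
 checkName: "Reverse Path Filtering default value for newly created interfaces"
 outcomes:
 - fail:
 when: 'net.ipv4.conf.default.rp_filter == 1'
-message: "Reverse path filtering must be set to either loose mode (2 - preferred) or disabled (0) for newly created interfaces on the host. To change it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.rp_filter=2', and run 'sudo sysctl -p'."
+message: "Reverse path filtering must be set to either loose mode (2 - preferred) or disabled (0) for newly created interfaces. To change it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.rp_filter=2', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.default.rp_filter == 2'
-message: "Reverse path filtering is set to loose mode for newly created interfaces on the host."
+message: "Reverse path filtering is set to loose mode for newly created interfaces."
 - pass:
 when: 'net.ipv4.conf.default.rp_filter == 0'
-message: "Reverse path filtering is disabled for newly created interfaces on the host."
+message: "Reverse path filtering is disabled for newly created interfaces."
 - sysctl:
 checkName: "Reverse Path Filtering value for all interfaces"
 outcomes:
 - fail:
 when: 'net.ipv4.conf.all.rp_filter == 1'
-message: "Reverse path filtering must be set to either loose mode (2 - preferred) or disabled (0) for all interfaces on the host. To change it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.rp_filter=2', and run 'sudo sysctl -p'."
+message: "Reverse path filtering must be set to either loose mode (2 - preferred) or disabled (0) for all interfaces. To change it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.rp_filter=2', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.all.rp_filter == 2'
-message: "Reverse path filtering is set to loose mode for all interfaces on the host."
+message: "Reverse path filtering is set to loose mode for all interfaces."
 - pass:
 when: 'net.ipv4.conf.all.rp_filter == 0'
-message: "Reverse path filtering is disabled for all interfaces on the host."
+message: "Reverse path filtering is disabled for all interfaces."
 - sysctl:
 checkName: "IP forwarding"
 outcomes:
@@ -971,19 +971,19 @@ spec:
 outcomes:
 - fail:
 when: 'net.ipv4.conf.all.forwarding == 0'
-message: "IP forwarding must be enabled. To enable it, edit /etc/sysctl.conf, add or uncomment the line 'net.ipv4.conf.all.forwarding=1', and run 'sudo sysctl -p'."
+message: "IP forwarding must be enabled for all interfaces. To enable it, edit /etc/sysctl.conf, add or uncomment the line 'net.ipv4.conf.all.forwarding=1', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.all.forwarding == 1'
-message: "IP forwarding is enabled."
+message: "IP forwarding is enabled for all interfaces."
 - sysctl:
-checkName: "IP forwarding for the default interface"
+checkName: "IP forwarding default value for newly created interfaces"
 outcomes:
 - fail:
 when: 'net.ipv4.conf.default.forwarding == 0'
-message: "IP forwarding must be enabled. To enable it, edit /etc/sysctl.conf, add or uncomment the line 'net.ipv4.conf.default.forwarding=1', and run 'sudo sysctl -p'."
+message: "IP forwarding must be enabled for newly created interfaces. To enable it, edit /etc/sysctl.conf, add or uncomment the line 'net.ipv4.conf.default.forwarding=1', and run 'sudo sysctl -p'."
 - pass:
 when: 'net.ipv4.conf.default.forwarding == 1'
-message: "IP forwarding is enabled."
+message: "IP forwarding is enabled for newly created interfaces."
 - sysctl:
 checkName: "Bridge netfilter call iptables"
 outcomes:
@@ -1061,7 +1061,7 @@ spec:
 outcomes:
 - fail:
 when: "Mode == Enforcing"
-message: SELinux must be disabled or run in permissive mode.
+message: SELinux must be disabled or run in permissive mode. To run SELinux in permissive mode, edit /etc/selinux/config, change the line 'SELINUX=enforcing' to 'SELINUX=permissive', save the file, and reboot. You can run getenforce to verify the change."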
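Review bot: The new SELinux fail message at new line 1064 ends with a stray `"` but has no opening quote, so the value is a plain scalar and the quote character becomes part of the text shown to the user. Quote the whole value as the sysctl messages in this file do: `message: "SELinux must be disabled or run in permissive mode. To run SELinux in permissive mode, edit /etc/selinux/config, change the line 'SELINUX=enforcing' to 'SELINUX=permissive', save the file, and reboot. You can run getenforce to verify the change."`. Because this text tells operators to turn off enforcement persistently, it would help to add that permissive mode still logs policy denials, so the audit log remains usable for detection. Separately, the Global CIDR fail message at line 896 now says "the CIDR range" while the pass message at line 899 still says "the Global CIDR range". The remaining context lines of this last hunk are not shown on the page.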