When using Calico on 1.14 the calico-node pods go into a crash-loop because they detect the kernel has RPF checking set to 'loose':
[FATAL][1343] int_dataplane.go 824: Kernel's RPF check is set to 'loose'. This would allow endpoints to spoof their IP address. Calico requires net.ipv4.conf.all.rp_filter to be set to 0 or 1. If you require loose RPF and you are not concerned about spoofing, this check can be disabled by setting the IgnoreLooseRPF configuration parameter to 'true'.
I've looked for a way to override the default Calico configuration that kubeadm-dind-cluster applies during setup, but wasn't able to find anything. For the time being I've tested that this fixes the problem I've encountered by manually editing the calico-node daemonset to include the FELIX_IGNORELOOSERPF environment variable as documented.
In response to [this](https://github.com/kubernetes-sigs/kubeadm-dind-cluster/issues/311#issuecomment-515756934):
>Closing as this project is being deprecated and retired in favor of [KinD](https://github.com/kubernetes-sigs/kind).
>
>Please see this issue for more details:
>https://github.com/kubernetes/org/issues/1016
>
>/close
Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
When using Calico on 1.14 the calico-node pods go into a crash-loop because they detect the kernel has RPF checking set to 'loose':
Looking at the Calico documentation https://docs.projectcalico.org/v3.0/reference/felix/configuration#iptables-dataplane-configuration they have a setting to ignore this situation: the
IgnoreLooseRPF
config setting, or theFELIX_IGNORELOOSERPF
environment variable.I've looked for a way to override the default Calico configuration that kubeadm-dind-cluster applies during setup, but wasn't able to find anything. For the time being I've tested that this fixes the problem I've encountered by manually editing the
calico-node
daemonset to include theFELIX_IGNORELOOSERPF
environment variable as documented.