From 293cfd6c7600c5b61ee8432416d1db94818586ef Mon Sep 17 00:00:00 2001
From: Ryan Barry <rbarry@mirantis.com>
Date: Tue, 31 May 2022 11:44:34 -0400
Subject: [PATCH] Ensure performance tuning is always applied

Previously, with the patch from #43146, it was possible for a
network configured with a single ingress or load balancer on a
distribution which does not have the `ip_vs` kernel module loaded
by default to try to apply sysctls which did not exist yet, and
subsequently dynamically load the module as part of ipvs/netlink.go.

This module is vendored, and not a great place to try to tie back
into core libnetwork functionality, so also ensure that the sysctls
(which are idempotent) are called after ingress/lb creation once
`ipvs` has been initialized.

Signed-off-by: Ryan Barry <rbarry@mirantis.com>
---
 libnetwork/service_linux.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libnetwork/service_linux.go b/libnetwork/service_linux.go
index c0b48e3027..1900c75fee 100644
--- a/libnetwork/service_linux.go
+++ b/libnetwork/service_linux.go
@@ -167,6 +167,10 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) {
 	if err := i.NewDestination(s, d); err != nil && err != syscall.EEXIST {
 		logrus.Errorf("Failed to create real server %s for vip %s fwmark %d in sbox %.7s (%.7s): %v", ip, lb.vip, lb.fwMark, sb.ID(), sb.ContainerID(), err)
 	}
+
+	// Ensure that kernel tweaks are applied in case this is the first time
+	// we've initialized ip_vs
+	sb.osSbox.ApplyOSTweaks(sb.oslTypes)
 }
 
 // Remove loadbalancer backend the load balancing endpoint for this