From 7d9c3f989742582ff82610db73a1238a93110989 Mon Sep 17 00:00:00 2001 From: Irbe Krumina Date: Mon, 29 Apr 2024 21:12:23 +0100 Subject: [PATCH] cmd/k8s-operator/deploy/manifests: check if IPv6 module is loaded before using it (#11867) Before attempting to enable IPv6 forwarding in the proxy init container check if the relevant module is found, else the container crashes on hosts that don't have it. Updates#11860 Signed-off-by: Irbe Krumina --- cmd/k8s-operator/deploy/manifests/proxy.yaml | 6 ++---- cmd/k8s-operator/testutils_test.go | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/cmd/k8s-operator/deploy/manifests/proxy.yaml b/cmd/k8s-operator/deploy/manifests/proxy.yaml index 50d5eac0a..a79d48d73 100644 --- a/cmd/k8s-operator/deploy/manifests/proxy.yaml +++ b/cmd/k8s-operator/deploy/manifests/proxy.yaml @@ -14,10 +14,8 @@ spec: - name: sysctler securityContext: privileged: true - command: ["/bin/sh"] - args: - - -c - - sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 + command: ["/bin/sh", "-c"] + args: [sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi] resources: requests: cpu: 1m diff --git a/cmd/k8s-operator/testutils_test.go b/cmd/k8s-operator/testutils_test.go index abc93d5ef..ae9eaebd1 100644 --- a/cmd/k8s-operator/testutils_test.go +++ b/cmd/k8s-operator/testutils_test.go @@ -189,8 +189,8 @@ func expectedSTS(t *testing.T, cl client.Client, opts configOpts) *appsv1.Statef { Name: "sysctler", Image: "tailscale/tailscale", - Command: []string{"/bin/sh"}, - Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"}, + Command: []string{"/bin/sh", "-c"}, + Args: []string{"sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi"}, SecurityContext: &corev1.SecurityContext{ Privileged: ptr.To(true), },