cmd/k8s-operator/deploy/manifests: check if IPv6 module is loaded before using it (#11867)

Before attempting to enable IPv6 forwarding in the proxy init container
check if the relevant module is found, else the container crashes
on hosts that don't have it.

Updates#11860

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
pull/11749/merge
Irbe Krumina 7 months ago committed by GitHub
parent d02f1be46a
commit 7d9c3f9897
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -14,10 +14,8 @@ spec:
- name: sysctler - name: sysctler
securityContext: securityContext:
privileged: true privileged: true
command: ["/bin/sh"] command: ["/bin/sh", "-c"]
args: args: [sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi]
- -c
- sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
resources: resources:
requests: requests:
cpu: 1m cpu: 1m

@ -189,8 +189,8 @@ func expectedSTS(t *testing.T, cl client.Client, opts configOpts) *appsv1.Statef
{ {
Name: "sysctler", Name: "sysctler",
Image: "tailscale/tailscale", Image: "tailscale/tailscale",
Command: []string{"/bin/sh"}, Command: []string{"/bin/sh", "-c"},
Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"}, Args: []string{"sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi"},
SecurityContext: &corev1.SecurityContext{ SecurityContext: &corev1.SecurityContext{
Privileged: ptr.To(true), Privileged: ptr.To(true),
}, },

Loading…
Cancel
Save