cmd/k8s-operator/deploy/manifests: check if IPv6 module is loaded before using it (#11867)

Before attempting to enable IPv6 forwarding in the proxy init container check if the relevant module is found, else the container crashes on hosts that don't have it. Updates#11860 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
1 month ago · 7d9c3f9897
parent d02f1be46a
commit 7d9c3f9897
2 changed files with 4 additions and 6 deletions
--- a/cmd/k8s-operator/deploy/manifests/proxy.yaml
+++ b/cmd/k8s-operator/deploy/manifests/proxy.yaml
@ -14,10 +14,8 @@ spec:
        - name: sysctler
          securityContext:
            privileged: true
-          command: ["/bin/sh"]
+          command: ["/bin/sh", "-c"]
-          args:
+          args: [sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi]
            - -c
            - sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
      resources:
        requests:
          cpu: 1m
--- a/cmd/k8s-operator/testutils_test.go
+++ b/cmd/k8s-operator/testutils_test.go
@ -189,8 +189,8 @@ func expectedSTS(t *testing.T, cl client.Client, opts configOpts) *appsv1.Statef
 						{
 							Name:    "sysctler",
 							Image:   "tailscale/tailscale",
-							Command: []string{"/bin/sh"},
+							Command: []string{"/bin/sh", "-c"},
-							Args:    []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"},
+							Args:    []string{"sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi"},
 							SecurityContext: &corev1.SecurityContext{
 								Privileged: ptr.To(true),
 							},