From cbd8d5d645a3976fc5ce6c7a1a60e700ba380ebc Mon Sep 17 00:00:00 2001 From: Irbe Krumina Date: Wed, 24 Apr 2024 21:21:54 +0100 Subject: [PATCH] cmd/k8s-operator/deploy/manifests: check if IPv6 module is loaded before using it Before attempting to enable IPv6 forwarding in the proxy init container check if the relevant module is found, else the container crashes on hosts that don't have it. Updates#11860 Signed-off-by: Irbe Krumina --- cmd/k8s-operator/deploy/manifests/proxy.yaml | 6 ++---- cmd/k8s-operator/testutils_test.go | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/cmd/k8s-operator/deploy/manifests/proxy.yaml b/cmd/k8s-operator/deploy/manifests/proxy.yaml index 50d5eac0a..a79d48d73 100644 --- a/cmd/k8s-operator/deploy/manifests/proxy.yaml +++ b/cmd/k8s-operator/deploy/manifests/proxy.yaml @@ -14,10 +14,8 @@ spec: - name: sysctler securityContext: privileged: true - command: ["/bin/sh"] - args: - - -c - - sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 + command: ["/bin/sh", "-c"] + args: [sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi] resources: requests: cpu: 1m diff --git a/cmd/k8s-operator/testutils_test.go b/cmd/k8s-operator/testutils_test.go index acd326e27..e7319327a 100644 --- a/cmd/k8s-operator/testutils_test.go +++ b/cmd/k8s-operator/testutils_test.go @@ -184,8 +184,8 @@ func expectedSTS(t *testing.T, cl client.Client, opts configOpts) *appsv1.Statef { Name: "sysctler", Image: "tailscale/tailscale", - Command: []string{"/bin/sh"}, - Args: []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"}, + Command: []string{"/bin/sh", "-c"}, + Args: []string{"sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi"}, SecurityContext: &corev1.SecurityContext{ Privileged: ptr.To(true), },