cmd/k8s-operator/deploy/manifests: check if IPv6 module is loaded before using it

Before attempting to enable IPv6 forwarding in the proxy init container check if the relevant module is found, else the container crashes on hosts that don't have it. Updates#11860 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-04-24 21:21:54 +01:00 · 2024-04-24 21:21:54 +01:00 · 2fa7d1d836
parent 5d4b4ffc3c
commit 2fa7d1d836
2 changed files with 4 additions and 6 deletions
--- a/cmd/k8s-operator/deploy/manifests/proxy.yaml
+++ b/cmd/k8s-operator/deploy/manifests/proxy.yaml
@ -14,10 +14,8 @@ spec:
        - name: sysctler
          securityContext:
            privileged: true
-          command: ["/bin/sh"]
-          args:
-            - -c
-            - sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
+          command: ["/bin/sh", "-c"]
+          args: [sysctl -w net.ipv4.ip_forward=1; if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi]
      resources:
        requests:
          cpu: 1m
--- a/cmd/k8s-operator/testutils_test.go
+++ b/cmd/k8s-operator/testutils_test.go
@ -184,8 +184,8 @@ func expectedSTS(t *testing.T, cl client.Client, opts configOpts) *appsv1.Statef
 						{
 							Name:    "sysctler",
 							Image:   "tailscale/tailscale",
-							Command: []string{"/bin/sh"},
-							Args:    []string{"-c", "sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1"},
+							Command: []string{"/bin/sh", "-c"},
+							Args:    []string{"sysctl -w net.ipv4.ip_forward=1; if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi"},
 							SecurityContext: &corev1.SecurityContext{
 								Privileged: ptr.To(true),
 							},