Merge pull request #53014 from rpothier/kubeadm-ipv6

Automatic merge from submit-queue (batch tested with PRs 53194, 54257, 53014). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Kubeadm should check for bridge-nf-call-ip6tables With this change, Kubeadm will check that /proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in preflight when using IPv6. This is similar to how it currenltly checks for bridge-nf-call-iptables. **What this PR does / why we need it**: Curently Kubeadm checks that bridge-nf-call-iptables is set to 1, but does not check for bridge-nf-call-ip6tables. When using IPv6, kubeadm should check that this is set. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #53013 **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
2025-08-19 08:40:42 +00:00 · 2017-10-20 03:19:14 -07:00 · 2017-10-20 03:19:14 -07:00 · a20a6cade0
commit a20a6cade0
parent 4282ab39fc 9ad3116f10
2 changed files with 35 additions and 0 deletions
--- a/cmd/kubeadm/app/preflight/checks.go
+++ b/cmd/kubeadm/app/preflight/checks.go
@ -55,6 +55,7 @@ import (

 const (
 	bridgenf                    = "/proc/sys/net/bridge/bridge-nf-call-iptables"
+	bridgenf6                   = "/proc/sys/net/bridge/bridge-nf-call-ip6tables"
 	externalEtcdRequestTimeout  = time.Duration(10 * time.Second)
 	externalEtcdRequestRetries  = 3
 	externalEtcdRequestInterval = time.Duration(5 * time.Second)
@ -700,6 +701,13 @@ func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error {
 		}
 	}

+	if ip := net.ParseIP(cfg.API.AdvertiseAddress); ip != nil {
+		if ip.To4() == nil && ip.To16() != nil {
+			checks = append(checks,
+				FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
+			)
+		}
+	}
 	return RunChecks(checks, os.Stderr)
 }

@ -734,6 +742,15 @@ func RunJoinNodeChecks(cfg *kubeadmapi.NodeConfiguration) error {
 		InPathCheck{executable: "touch", mandatory: false},
 	}

+	if len(cfg.DiscoveryTokenAPIServers) > 0 {
+		if ip := net.ParseIP(cfg.DiscoveryTokenAPIServers[0]); ip != nil {
+			if ip.To4() == nil && ip.To16() != nil {
+				checks = append(checks,
+					FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
+				)
+			}
+		}
+	}
 	return RunChecks(checks, os.Stderr)
 }

--- a/cmd/kubeadm/app/preflight/checks_test.go
+++ b/cmd/kubeadm/app/preflight/checks_test.go
@ -205,6 +205,12 @@ func TestRunInitMasterChecks(t *testing.T) {
 			},
 			expected: false,
 		},
+		{
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{AdvertiseAddress: "2001:1234::1:15"},
+			},
+			expected: false,
+		},
 	}

 	for _, rt := range tests {
@ -229,6 +235,18 @@ func TestRunJoinNodeChecks(t *testing.T) {
 			cfg:      &kubeadmapi.NodeConfiguration{},
 			expected: false,
 		},
+		{
+			cfg: &kubeadmapi.NodeConfiguration{
+				DiscoveryTokenAPIServers: []string{"192.168.1.15"},
+			},
+			expected: false,
+		},
+		{
+			cfg: &kubeadmapi.NodeConfiguration{
+				DiscoveryTokenAPIServers: []string{"2001:1234::1:15"},
+			},
+			expected: false,
+		},
 	}

 	for _, rt := range tests {