Allow disabling nftables kernel version check

Dan Winship 2024-07-01 10:14:01 -04:00
parent 505f6833d9
commit b39fd03ee4


@ -29,6 +29,7 @@ import (
"encoding/base32" "encoding/base32"
"fmt" "fmt"
"net" "net"
"os"
"reflect" "reflect"
"strconv" "strconv"
"strings" "strings"
@ -296,6 +297,10 @@ func getNFTablesInterface(ipFamily v1.IPFamily) (knftables.Interface, error) {
// check the kernel version, under the assumption that the distro will have an nft // check the kernel version, under the assumption that the distro will have an nft
// binary that supports the same features as its kernel does, and so kernel 5.13 // binary that supports the same features as its kernel does, and so kernel 5.13
// or later implies nft 1.0.1 or later. https://issues.k8s.io/122743 // or later implies nft 1.0.1 or later. https://issues.k8s.io/122743
//
// However, we allow the user to bypass this check by setting
// `KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK` to anything non-empty.
if os.Getenv("KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK") != "" {
kernelVersion, err := utilkernel.GetVersion() kernelVersion, err := utilkernel.GetVersion()
if err != nil { if err != nil {
return nil, fmt.Errorf("could not check kernel version: %w", err) return nil, fmt.Errorf("could not check kernel version: %w", err)
@ -303,6 +308,7 @@ func getNFTablesInterface(ipFamily v1.IPFamily) (knftables.Interface, error) {
if kernelVersion.LessThan(version.MustParseGeneric(utilkernel.NFTablesKubeProxyKernelVersion)) { if kernelVersion.LessThan(version.MustParseGeneric(utilkernel.NFTablesKubeProxyKernelVersion)) {
return nil, fmt.Errorf("kube-proxy in nftables mode requires kernel %s or later", utilkernel.NFTablesKubeProxyKernelVersion) return nil, fmt.Errorf("kube-proxy in nftables mode requires kernel %s or later", utilkernel.NFTablesKubeProxyKernelVersion)
} }
}
return nft, nil return nft, nil
} }
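Review bot: The condition on the added `if os.Getenv("KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK") != "" {` line in getNFTablesInterface is inverted relative to the comment directly above it: as written, the kernel version check runs only when the variable is set and is skipped when it is unset, which is the default. That turns the minimum-kernel gate off by default, so kube-proxy in nftables mode would start without error on kernels older than `utilkernel.NFTablesKubeProxyKernelVersion`, while setting the "skip" variable is what enables the check. The comparison should be `if os.Getenv("KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK") == "" {`. It would also help operators if the bypass path logged a warning when the variable is set, so that a node running with the check disabled is visible in the logs. The function begins outside the hunks shown, so this is based only on the visible lines.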