Allow disabling nftables kernel version check

Dan Winship 2024-07-01 10:14:01 -04:00
parent 505f6833d9
commit b39fd03ee4


@ -29,6 +29,7 @@ import (
"encoding/base32"
"fmt"
"net"
"os"
"reflect"
"strconv"
"strings"
@ -296,6 +297,10 @@ func getNFTablesInterface(ipFamily v1.IPFamily) (knftables.Interface, error) {
// check the kernel version, under the assumption that the distro will have an nft
// binary that supports the same features as its kernel does, and so kernel 5.13
// or later implies nft 1.0.1 or later. https://issues.k8s.io/122743
//
// However, we allow the user to bypass this check by setting
// `KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK` to anything non-empty.
if os.Getenv("KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK") != "" {
kernelVersion, err := utilkernel.GetVersion()
if err != nil {
return nil, fmt.Errorf("could not check kernel version: %w", err)
@ -303,6 +308,7 @@ func getNFTablesInterface(ipFamily v1.IPFamily) (knftables.Interface, error) {
if kernelVersion.LessThan(version.MustParseGeneric(utilkernel.NFTablesKubeProxyKernelVersion)) {
return nil, fmt.Errorf("kube-proxy in nftables mode requires kernel %s or later", utilkernel.NFTablesKubeProxyKernelVersion)
}
}
return nft, nil
}
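Review bot: The environment-variable test in getNFTablesInterface looks inverted relative to the comment directly above it: with `!= ""` the kernel version check runs only when `KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK` is set, and is skipped whenever the variable is unset, which is the default. The gate therefore fails open, and kube-proxy would start in nftables mode on a kernel older than `utilkernel.NFTablesKubeProxyKernelVersion` without any error. The condition should read `if os.Getenv("KUBE_PROXY_NFTABLES_SKIP_KERNEL_VERSION_CHECK") == "" {`. It would also be worth logging when the bypass is active so an overridden check is visible to operators; the function starts outside the hunk, so whether a logger is already in scope cannot be confirmed from here.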