From fb84c4f0f0e531ebc748fd510634a979b0877d25 Mon Sep 17 00:00:00 2001
From: Dan Winship <danwinship@redhat.com>
Date: Thu, 22 Dec 2022 14:57:14 -0500
Subject: [PATCH] Fix kube-proxy dual-stack-iptables-binary-presence check

Kube-proxy was checking that iptables supports both IPv4 and IPv6 and
falling back to single-stack if not. But it always fell back to the
primary IP family, regardless of which family iptables supported...
Fix it so that if the primary IP family isn't supported then it bails
out entirely.
---
 cmd/kube-proxy/app/server_others.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go
index 8a7b316ab6a..2a83d7191da 100644
--- a/cmd/kube-proxy/app/server_others.go
+++ b/cmd/kube-proxy/app/server_others.go
@@ -165,11 +165,11 @@ func newProxyServer(
 		ipt[1] = iptInterface
 	}
 
-	for _, perFamilyIpt := range ipt {
-		if !perFamilyIpt.Present() {
-			klog.InfoS("kube-proxy running in single-stack mode, this ipFamily is not supported", "ipFamily", perFamilyIpt.Protocol())
-			dualStack = false
-		}
+	if !ipt[0].Present() {
+		return nil, fmt.Errorf("iptables is not supported for primary IP family %q", primaryProtocol)
+	} else if !ipt[1].Present() {
+		klog.InfoS("kube-proxy running in single-stack mode: secondary ipFamily is not supported", "ipFamily", ipt[1].Protocol())
+		dualStack = false
 	}
 
 	if proxyMode == proxyconfigapi.ProxyModeIPTables {