From 5f2a4d4209f4663d04c8bef3f50960f8d3f97126 Mon Sep 17 00:00:00 2001
From: Michal Rostecki
Date: Mon, 25 Apr 2022 15:41:49 +0200
Subject: [PATCH] server: Allow to enable network policies with IPv6-only
After previous changes, network policies are working on IPv6-only installations.
Signed-off-by: Michal Rostecki
---
 pkg/agent/netpol/netpol.go | 20 +++++++++++---------
 pkg/cli/server/server.go | 7 -------
 2 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/pkg/agent/netpol/netpol.go b/pkg/agent/netpol/netpol.go
index 81861d6d2f..60df8bfea1 100644
--- a/pkg/agent/netpol/netpol.go
+++ b/pkg/agent/netpol/netpol.go
@@ -80,17 +80,19 @@ func Run(ctx context.Context, nodeConfig *config.Node) error {
 iptablesCmdHandlers := make(map[v1core.IPFamily]utils.IPTablesHandler, 2)
 ipSetHandlers := make(map[v1core.IPFamily]utils.IPSetHandler, 2)
- iptHandler, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
- if err != nil {
- return errors.Wrap(err, "failed to create iptables handler")
- }
- iptablesCmdHandlers[v1core.IPv4Protocol] = iptHandler
+ if nodeConfig.AgentConfig.EnableIPv4 {
+ iptHandler, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
+ if err != nil {
+ return errors.Wrap(err, "failed to create iptables handler")
+ }
+ iptablesCmdHandlers[v1core.IPv4Protocol] = iptHandler
- ipset, err := utils.NewIPSet(false)
- if err != nil {
- return errors.Wrap(err, "failed to create ipset handler")
+ ipset, err := utils.NewIPSet(false)
+ if err != nil {
+ return errors.Wrap(err, "failed to create ipset handler")
+ }
+ ipSetHandlers[v1core.IPv4Protocol] = ipset
 }
- ipSetHandlers[v1core.IPv4Protocol] = ipset
 if nodeConfig.AgentConfig.EnableIPv6 {
 ipt6Handler, err := iptables.NewWithProtocol(iptables.ProtocolIPv6)
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
index 65faaee472..da03d411a1 100644
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
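Review bot: In `Run` in pkg/agent/netpol/netpol.go, the visible lines do not cover the case where both `nodeConfig.AgentConfig.EnableIPv4` and `EnableIPv6` are false. In that case `iptablesCmdHandlers` and `ipSetHandlers` stay empty, and as far as this hunk shows the controller would start without any handler, leaving network policies unenforced with no error. This commit also removes the server-side refusal in `validateNetworkConfiguration`, so I would fail closed after the two address-family blocks, e.g. `if len(iptablesCmdHandlers) == 0 { return errors.New("network policy controller: neither IPv4 nor IPv6 is enabled") }`. The rest of `Run`, including the end of the IPv6 block, is outside the hunk, so a guard further down may already handle this.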
@@ -528,13 +528,6 @@ func validateNetworkConfiguration(serverConfig server.Config) error {
 return errors.New("dual-stack cluster-dns is not supported")
 }
- IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(serverConfig.ControlConfig.ServiceIPRanges)
- if IPv6OnlyService {
- if serverConfig.ControlConfig.DisableNPC == false {
- return errors.New("network policy enforcement is not compatible with IPv6 only operation; server must be restarted with --disable-network-policy")
- }
- }
-
 return nil
 }