Kubeadm should check for bridge-nf-call-ip6tables

With this change, Kubeadm will check that /proc/sys/net/bridge/bridge-nf-call-ip6tables is set to 1 in preflight when using IPv6. This is similar to how it currenltly checks for bridge-nf-call-iptables.
2017-09-25 14:31:02 -04:00 · 2017-09-25 14:31:02 -04:00 · 9ad3116f10
parent c3d47b683b
commit 9ad3116f10
2 changed files with 35 additions and 0 deletions
--- a/cmd/kubeadm/app/preflight/checks.go
+++ b/cmd/kubeadm/app/preflight/checks.go
@ -55,6 +55,7 @@ import (

 const (
 	bridgenf                    = "/proc/sys/net/bridge/bridge-nf-call-iptables"
+	bridgenf6                   = "/proc/sys/net/bridge/bridge-nf-call-ip6tables"
 	externalEtcdRequestTimeout  = time.Duration(10 * time.Second)
 	externalEtcdRequestRetries  = 3
 	externalEtcdRequestInterval = time.Duration(5 * time.Second)
@ -700,6 +701,13 @@ func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error {
 		}
 	}

+	if ip := net.ParseIP(cfg.API.AdvertiseAddress); ip != nil {
+		if ip.To4() == nil && ip.To16() != nil {
+			checks = append(checks,
+				FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
+			)
+		}
+	}
 	return RunChecks(checks, os.Stderr)
 }

@ -734,6 +742,15 @@ func RunJoinNodeChecks(cfg *kubeadmapi.NodeConfiguration) error {
 		InPathCheck{executable: "touch", mandatory: false},
 	}

+	if len(cfg.DiscoveryTokenAPIServers) > 0 {
+		if ip := net.ParseIP(cfg.DiscoveryTokenAPIServers[0]); ip != nil {
+			if ip.To4() == nil && ip.To16() != nil {
+				checks = append(checks,
+					FileContentCheck{Path: bridgenf6, Content: []byte{'1'}},
+				)
+			}
+		}
+	}
 	return RunChecks(checks, os.Stderr)
 }

--- a/cmd/kubeadm/app/preflight/checks_test.go
+++ b/cmd/kubeadm/app/preflight/checks_test.go
@ -205,6 +205,12 @@ func TestRunInitMasterChecks(t *testing.T) {
 			},
 			expected: false,
 		},
+		{
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{AdvertiseAddress: "2001:1234::1:15"},
+			},
+			expected: false,
+		},
 	}

 	for _, rt := range tests {
@ -229,6 +235,18 @@ func TestRunJoinNodeChecks(t *testing.T) {
 			cfg:      &kubeadmapi.NodeConfiguration{},
 			expected: false,
 		},
+		{
+			cfg: &kubeadmapi.NodeConfiguration{
+				DiscoveryTokenAPIServers: []string{"192.168.1.15"},
+			},
+			expected: false,
+		},
+		{
+			cfg: &kubeadmapi.NodeConfiguration{
+				DiscoveryTokenAPIServers: []string{"2001:1234::1:15"},
+			},
+			expected: false,
+		},
 	}

 	for _, rt := range tests {