From fd7db2396109ae193355c78989712f1e4b0afe33 Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Tue, 15 Nov 2022 08:10:12 +0000
Subject: [PATCH] Add rootless IPv6 support
Signed-off-by: Brad Davidson
(cherry picked from commit 6f2b21c5cd38c0cb3f36870a517a29736236449c)
Signed-off-by: Brad Davidson
---
 pkg/agent/run.go | 6 +++++-
 pkg/cli/server/server.go | 6 +++++-
 pkg/rootless/rootless.go | 17 +++++++++++++----
 pkg/rootless/rootless_windows.go | 4 ++--
 4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/pkg/agent/run.go b/pkg/agent/run.go
index 7c4ba2112b..dacdf08f5c 100644
--- a/pkg/agent/run.go
+++ b/pkg/agent/run.go
@@ -258,7 +258,11 @@ func Run(ctx context.Context, cfg cmds.Agent) error {
 }
 if cfg.Rootless && !cfg.RootlessAlreadyUnshared {
- if err := rootless.Rootless(cfg.DataDir); err != nil {
+ dualNode, err := utilsnet.IsDualStackIPStrings(cfg.NodeIP)
+ if err != nil {
+ return err
+ }
+ if err := rootless.Rootless(cfg.DataDir, dualNode); err != nil {
 return err
 }
 }
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
index 39b3afdb71..0fd4b3f6b2 100644
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@@ -81,7 +81,11 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 }
 cfg.DataDir = dataDir
 if !cfg.DisableAgent {
- if err := rootless.Rootless(dataDir); err != nil {
+ dualNode, err := utilsnet.IsDualStackIPStrings(cmds.AgentConfig.NodeIP)
+ if err != nil {
+ return err
+ }
+ if err := rootless.Rootless(dataDir, dualNode); err != nil {
 return err
 }
 }
diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go
index 4cc51d3bbe..1611d90f81 100644
--- a/pkg/rootless/rootless.go
+++ b/pkg/rootless/rootless.go
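Review bot: In the pkg/agent/run.go hunk the error from `utilsnet.IsDualStackIPStrings(cfg.NodeIP)` is returned bare, so a malformed node IP stops startup with a message that does not say which setting was rejected; the pkg/cli/server/server.go hunk repeats the same pattern. Adding context, for example `return errors.Wrap(err, "failed to validate node-ip for rootless networking")` in the style pkg/rootless/rootless.go already uses, would make the failure actionable (run.go's imports are not visible here, so use whichever wrapping helper the file has). Judging by the helper's name, `dualNode` is true only when both address families are configured, so a node with only IPv6 addresses still gets IPv6 disabled in the rootless network unless K3S_ROOTLESS_ENABLE_IPV6 is set; if that is intended, a comment such as `// IPv6 is enabled automatically only for dual-stack node IPs` above the call would record it. `Run` begins and ends outside the hunk.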
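Review bot: In the pkg/cli/server/server.go hunk the address-family check reads the package-level `cmds.AgentConfig.NodeIP`, while everything else in the block works from the `cfg` and `dataDir` values local to `run`, so the IPv6 decision depends on that global having been populated before this point. If the server config cannot supply the node IPs, say so in place with a comment like `// node IPs are agent flags; read them from cmds.AgentConfig` (wording to be confirmed against the config structs). The check-then-call sequence is now duplicated with pkg/agent/run.go; a small shared helper would keep the two entry points from drifting apart. The enclosing block opens above the hunk, so whatever guards this path is not visible here.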
@@ -29,11 +29,12 @@ var (
 mtuEnv = "K3S_ROOTLESS_MTU"
 cidrEnv = "K3S_ROOTLESS_CIDR"
+ enableIPv6Env = "K3S_ROOTLESS_ENABLE_IPV6"
 portDriverEnv = "K3S_ROOTLESS_PORT_DRIVER"
 disableLoopbackEnv = "K3S_ROOTLESS_DISABLE_HOST_LOOPBACK"
 )
-func Rootless(stateDir string) error {
+func Rootless(stateDir string, enableIPv6 bool) error {
 defer func() {
 os.Unsetenv(pipeFD)
 os.Unsetenv(childEnv)
@@ -66,7 +67,7 @@ func Rootless(stateDir string) error {
 if err := validateSysctl(); err != nil {
 logrus.Fatal(err)
 }
- parentOpt, err := createParentOpt(driver, rootlessDir)
+ parentOpt, err := createParentOpt(driver, rootlessDir, enableIPv6)
 if err != nil {
 logrus.Fatal(err)
 }
@@ -127,7 +128,7 @@ func parseCIDR(s string) (*net.IPNet, error) {
 return ipnet, nil
 }
-func createParentOpt(driver portDriver, stateDir string) (*parent.Opt, error) {
+func createParentOpt(driver portDriver, stateDir string, enableIPv6 bool) (*parent.Opt, error) {
 if err := os.MkdirAll(stateDir, 0755); err != nil {
 return nil, errors.Wrapf(err, "failed to mkdir %s", stateDir)
 }
@@ -180,6 +181,14 @@ func createParentOpt(driver portDriver, stateDir string) (*parent.Opt, error) {
 }
 }
+ if val := os.Getenv(enableIPv6Env); val != "" {
+ if v, err := strconv.ParseBool(val); err != nil {
+ logrus.Warn("Failed to parse rootless enable-ipv6 value; using default")
+ } else {
+ enableIPv6 = v
+ }
+ }
+
 cidr := "10.41.0.0/16"
 if val := os.Getenv(cidrEnv); val != "" {
 cidr = val
@@ -193,7 +202,7 @@ func createParentOpt(driver portDriver, stateDir string) (*parent.Opt, error) {
 if _, err := exec.LookPath(binary); err != nil {
 return nil, err
 }
- opt.NetworkDriver, err = slirp4netns.NewParentDriver(driver.LogWriter(), binary, mtu, ipnet, "tap0", disableHostLoopback, driver.APISocketPath(), false, false, false)
+ opt.NetworkDriver, err = slirp4netns.NewParentDriver(driver.LogWriter(), binary, mtu, ipnet, "tap0", disableHostLoopback, driver.APISocketPath(), false, false, enableIPv6)
 if err != nil {
 return nil, err
 }
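Review bot: The exported `Rootless` gains an `enableIPv6` parameter in the first pkg/rootless/rootless.go hunk but carries no doc comment, and nothing at the declaration tells a caller that the K3S_ROOTLESS_ENABLE_IPV6 environment variable can override the argument (the override sits in the `createParentOpt` hunk further down). I would document the precedence where callers will look for it, e.g. `// enableIPv6 is the default for IPv6 in the rootless network; K3S_ROOTLESS_ENABLE_IPV6, when it parses as a boolean, overrides it.` above the function, and a trailing `// boolean; overrides the enableIPv6 argument` on the `enableIPv6Env` line. The body of `Rootless` continues outside the hunk.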
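Review bot: When K3S_ROOTLESS_ENABLE_IPV6 holds something `strconv.ParseBool` rejects (for instance `no` or `off`), the warning in the `@@ -180,6 +181,14 @@` hunk names neither the variable, the value nor the error, and the code keeps the caller-supplied `enableIPv6`, which on a dual-stack node is `true`. An operator who meant to switch IPv6 off therefore ends up with it on and only a generic log line to show for it. I would log the details, `logrus.Warnf("Failed to parse %s=%q (%v); keeping enable-ipv6=%t", enableIPv6Env, val, err, enableIPv6)`, and consider returning an error for an unparseable value instead, since `createParentOpt` already reports errors to its caller. The function starts and ends outside the hunk.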
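Review bot: In the `@@ -193,7 +202,7 @@` hunk `enableIPv6` lands as the last of three unnamed positional booleans in `slirp4netns.NewParentDriver(...)`, which makes it easy to put a flag in the wrong slot and hard to see what the two remaining `false` values leave switched off. If those are the sandbox and seccomp options, as I read rootlesskit's signature (worth confirming against the vendored version), then this change lets the slirp4netns helper carry IPv6 traffic while it still runs without either confinement option, and that deserves a comment or a follow-up issue. Naming the arguments would help: break the call across lines and annotate them, `false, // enableSandbox`, `false, // enableSeccomp`, `enableIPv6,`. `createParentOpt` continues outside the hunk.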
diff --git a/pkg/rootless/rootless_windows.go b/pkg/rootless/rootless_windows.go
index 4431d0ab73..1d8ad5b00a 100644
--- a/pkg/rootless/rootless_windows.go
+++ b/pkg/rootless/rootless_windows.go
@@ -1,5 +1,5 @@
 package rootless
-func Rootless(stateDir string) error {
- panic("Rootless not supported on windows")
+func Rootless(stateDir string, enableIPv6 bool) error {
+ panic("Rootless is not supported on windows")
 }