Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport release-1.28] Whitelist local IPv6 CIDRs when airgapping nodes #4623

Merged
merged 2 commits into from
Jun 14, 2024

Conversation

This does the same to IPv6 that's done for IPv4. Allows the airgap
test to function if the SSH connection runs via IPv6. Also: check if
ip6table_filter is already loaded before trying to modprobe it. This
allows the integration test to work without sudo/doas when the module is
already loaded.

Signed-off-by: Tom Wieczorek <twieczorek@mirantis.com>
(cherry picked from commit e6bb827)
(cherry picked from commit 283139e)
(cherry picked from commit abceefb)
@k0s-bot k0s-bot requested a review from a team as a code owner June 13, 2024 14:28
@k0s-bot k0s-bot requested review from kke and makhov June 13, 2024 14:28
@twz123 twz123 changed the title [Backport release-1.28] [Backport release-1.29] Whitelist local IPv6 CIDRs when airgapping nodes [Backport release-1.28] Whitelist local IPv6 CIDRs when airgapping nodes Jun 13, 2024
@twz123 twz123 added chore area/smoke-tests backport/release-1.27 PR that needs to be backported/cherrypicked to release-1.27 branch labels Jun 13, 2024
Installing ip6tables after disrupting IPv4 traffic will fail utterly if
the machine uses IPv4 for package installations. Install both packages
in lockstep before actually disrupting any traffic.

Fixes: e6bb827 ("Whitelist local IPv6 CIDRs when airgapping nodes")
Signed-off-by: Tom Wieczorek <twieczorek@mirantis.com>
(cherry picked from commit cab0882)
(cherry picked from commit e4fc69a)
(cherry picked from commit 7330b17)
@twz123 twz123 enabled auto-merge June 14, 2024 13:07
@twz123 twz123 merged commit 3061f91 into release-1.28 Jun 14, 2024
72 checks passed
@twz123 twz123 deleted the backport-4614-to-release-1.28 branch June 14, 2024 13:30
@k0s-bot
Copy link
Author

k0s-bot commented Jun 14, 2024

Successfully created backport PR for release-1.27:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/smoke-tests backport/release-1.27 PR that needs to be backported/cherrypicked to release-1.27 branch chore
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants