Added checks for br_netfilter module

Signed-off-by: Roberto Bonafiglia <[email protected]>
flannel-io · Oct 21, 2024 · cbf640c · cbf640c
1 parent 8f8b983
commit cbf640c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -70,6 +70,8 @@ curl -O -L https://github.com/containernetworking/plugins/releases/download/v1.5
 tar -C /opt/cni/bin -xzf cni-plugins-linux-$ARCH-v1.5.1.tgz
 ```
 
+Flannel requires the br_netfilter module to start and from version 1.30 kubeadm doesn't check if the module is installed and Flannel will not rightly start in case the module is missing.
+
 ## Getting started on Docker
 
 flannel is also widely used outside of kubernetes. When deployed outside of kubernetes, etcd is always used as the datastore. For more details integrating flannel with Docker see [Running](Documentation/running.md)

diff --git a/main.go b/main.go
@@ -261,6 +261,20 @@ func main() {
 		os.Exit(1)
 	}
 
+	// From Kubernetes 1.30 kubeadm doesn't check if the br_netfilter module is loaded and in case it's missing Flannel wrongly starts
+	if config.EnableIPv4 {
+		if _, err = os.Stat("/proc/sys/net/bridge/bridge-nf-call-iptables"); os.IsNotExist(err) {
+			log.Error("Failed to check br_netfilter: ", err)
+			os.Exit(1)
+		}
+	}
+	if config.EnableIPv6 {
+		if _, err = os.Stat("/proc/sys/net/bridge/bridge-nf-call-ip6tables"); os.IsNotExist(err) {
+			log.Error("Failed to check br_netfilter: ", err)
+			os.Exit(1)
+		}
+	}
+
 	// Work out which interface to use
 	var extIface *backend.ExternalInterface