From 9479b9cd5689d197601d30434dff9c97abc1062e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Mon, 29 Sep 2025 18:29:40 +0200 Subject: [PATCH] Detect ip6tables failure without full ipv6 support Error when running with kernel from Kata Containers: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?) Perhaps ip6tables or your kernel needs to be upgraded. This happens also in Apple Containers. Fallback to ipv4 only. The alternative is building a custom kernel, with full support. --- pkg/cluster/internal/providers/docker/network.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/cluster/internal/providers/docker/network.go b/pkg/cluster/internal/providers/docker/network.go index b356dd78..9b9685ef 100644 --- a/pkg/cluster/internal/providers/docker/network.go +++ b/pkg/cluster/internal/providers/docker/network.go @@ -271,7 +271,10 @@ func isIPv6UnavailableError(err error) bool { // even on hosts that lack ip6tables setup. // Preferably users would either have ip6tables setup properly or else disable ipv6 in docker const dockerIPV6TablesError = "Error response from daemon: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: ip6tables" - return strings.HasPrefix(errorMessage, dockerIPV6DisabledError) || strings.HasPrefix(errorMessage, dockerIPV6TablesError) + // we get this error when ipv6 is missing in kernel + const dockerIPV6PolicyError = "Error response from daemon: setting default policy to DROP in FORWARD chain failed: (iptables failed: ip6tables" + + return strings.HasPrefix(errorMessage, dockerIPV6DisabledError) || strings.HasPrefix(errorMessage, dockerIPV6TablesError) || strings.HasPrefix(errorMessage, dockerIPV6PolicyError) } func isPoolOverlapError(err error) bool {