Skip to content

Commit

Permalink
node: require ipv4 address when wireguard is enabled
Browse files Browse the repository at this point in the history
[upstream commit 5463073]

Currently, wireguard encryption is not performed when the nodes have
ipv6-only addresses, since it relies on the tunnel_endpoint field of
the ipcache map (which is not set in such case). This limitation has
been removed with the reworking performed as part of cilium#19401. As for
previous versions, this commit adds a check to prevent the agent from
starting in this configuration.

Signed-off-by: Marco Iorio <[email protected]>
  • Loading branch information
giorio94 authored and sayboras committed Feb 27, 2023
1 parent a5d3e23 commit 7a51194
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/node/address.go
Original file line number Diff line number Diff line change
Expand Up @@ -497,7 +497,7 @@ const mismatchRouterIPsMsg = "Mismatch of router IPs found during restoration. T
// ValidatePostInit validates the entire addressing setup and completes it as
// required
func ValidatePostInit() error {
if option.Config.EnableIPv4 || option.Config.Tunnel != option.TunnelDisabled {
if option.Config.EnableIPv4 || option.Config.Tunnel != option.TunnelDisabled || option.Config.EnableWireguard {
if ipv4Address == nil {
return fmt.Errorf("external IPv4 node address could not be derived, please configure via --ipv4-node")
}
Expand Down

0 comments on commit 7a51194

Please sign in to comment.