From b18fa35d076b2bdc2648d1b9449bcfb22fb4aa7c Mon Sep 17 00:00:00 2001
From: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
Date: Fri, 18 Oct 2024 16:23:29 +0200
Subject: [PATCH] Added checks for br_netfilter module

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---
 README.md |  2 ++
 main.go   | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/README.md b/README.md
index 5b0dbb9349..9f577e1733 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,8 @@ curl -O -L https://github.com/containernetworking/plugins/releases/download/v1.5
 tar -C /opt/cni/bin -xzf cni-plugins-linux-$ARCH-v1.5.1.tgz
 ```
 
+Flannel requires the br_netfilter module to start and from version 1.30 kubeadm doesn't check if the module is installed and Flannel will not rightly start in case the module is missing.
+
 ## Getting started on Docker
 
 flannel is also widely used outside of kubernetes. When deployed outside of kubernetes, etcd is always used as the datastore. For more details integrating flannel with Docker see [Running](Documentation/running.md)
diff --git a/main.go b/main.go
index 70afde36ca..2bac2b196d 100644
--- a/main.go
+++ b/main.go
@@ -261,6 +261,20 @@ func main() {
 		os.Exit(1)
 	}
 
+	// From Kubernetes 1.30 kubeadm doesn't check if the br_netfilter module is loaded and in case it's missing Flannel wrongly starts
+	if config.EnableIPv4 {
+		if _, err = os.Stat("/proc/sys/net/bridge/bridge-nf-call-iptables"); os.IsNotExist(err) {
+			log.Error("Failed to check br_netfilter: ", err)
+			os.Exit(1)
+		}
+	}
+	if config.EnableIPv6 {
+		if _, err = os.Stat("/proc/sys/net/bridge/bridge-nf-call-ip6tables"); os.IsNotExist(err) {
+			log.Error("Failed to check br_netfilter: ", err)
+			os.Exit(1)
+		}
+	}
+
 	// Work out which interface to use
 	var extIface *backend.ExternalInterface