ip6tables should be set in the noop plugin

[rpothier]

What this PR does / why we need it:
The noop plugin currently sets the iptables for IPv4.
This updates that to also set the iptables for IPv6 so
IPv6 can have parity with IPv4.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #53147

Special notes for your reviewer:

Release note:

NONE

[rpothier]

/sig network
/area ipv6

[MrHohn]

/assign @freehan

[cmluciano]

/ok-to-test

[rpothier]

/test pull-kubernetes-e2e-gce-etcd3

[dcbw]

Does this sysctl even exist if the kernel is booted with IPv6 disabled or compiled out? Not sure if we care about that case, but people still do this when they don't want IPv6, and I believe those make the sysctl simply not present and thus will always error spuriously.

Perhaps you can check if the err is os.IsNotExist() and ignore the warning?

[rpothier]

I can ignore the warning when the element doesn't exist. There is a GetSysctl() to see if it exists, I will look at using that.

[dims]

cc @leblancd

[cmluciano]

If possible, can you please add a unit test for this? The sysctl pkg has a fake interface

[cmluciano]

Should we log the error returned from GetSysctl if it cannot find the module?

[rpothier]

Thanks for the review, this PR was changed to not show the error if it cannot find the module.
As dcbw pointed out in an earlier review,
"Does this sysctl even exist if the kernel is booted with IPv6 disabled or compiled out? Not sure if we care about that case, but people still do this when they don't want IPv6, and I believe those make the sysctl simply not present and thus will always error spuriously."

So in the case where it can't find it, it just continues.

[rpothier]

@cmluciano I'll look into the unit test with the sysctl pkg. Thanks.

[rpothier]

/test pull-kubernetes-verify

[danehans]

@rpothier Since you import "github.com/stretchr/testify/assert", you need to run ./hack/update-bazel.sh and resubmit your PR.

[rpothier]

@danehans Thanks, will run that.

[danehans]

@dcbw @freehan @MrHohn do you mind reviewing when you have a moment? It would be good to get this PR merged for IPv6 alpha support in 1.9.

cc @bowei @luxas

[luxas]

This PR needs approval by someone of @thockin @dchen1107 @matchstick @freehan
/assign @thockin @dchen1107 @matchstick

[MrHohn]

LGTM with a nit.

[MrHohn]

net/bridge/bridge-nf-call-ip6tables -> net/bridge/bridge-nf-call-iptables?

[thockin]

@MrHohn has the review

/approve

[MrHohn]

/lgtm
/retest

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MrHohn, rpothier, thockin

Associated issue: 53147

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/kubelet/network/OWNERS [thockin]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[danehans]

@cmluciano @freehan @bowei @thockin anything else needed to get this PR merged?

[MrHohn]

@danehans Just time, it is already in submit queue :)
https://submit-queue.k8s.io/#/queue

[danehans]

thanks @MrHohn

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to @fejta).

Review the full test history for this PR.

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[k8s-github-robot]

Automatic merge from submit-queue (batch tested with PRs 54436, 53148, 55153, 55614, 55484). If you want to cherry-pick this change to another branch, please follow the instructions here.