[ upstream commit ef01850 ]

When running with a kernel that has IPv6 compiled out there is no
/proc/net/ipv6/ directory so trying to enable IPv6 fails and the
daemon can not start.

To resolve this only enable IPv6 forwarding when daemon is running with
IPv6 enabled.

Error seen with IPv6 compiled out and IPv6 disabled in config map is

level=fatal msg="Error when enabling sysctl parameters" error="could not open the sysctl file /proc/sys/net/ipv6/conf/all/forwarding: open /proc/sys/net/ipv6/conf/all/forwarding: no such file or directory" subsys=daemon

Fixes: 294cf66 ("daemon: Enable IP forwarding on start")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Ray Bejjani <ray@isovalent.com>

[ upstream commit 4890a15 ]

It has been observed that kubelet calls CNI DELETE multiple times with
potentially stale CNI result information. This can lead to a race condition
where the initial CNI DELETE properly releases the IP in use which then gets
reused by a different pod. Any subsequent CNI DELETE with the stale IP will
then cause the IP of the live pod to be released. While the pod will continue
to function, the next scheduled pod will attempt to use that IP and
continuously fail to be scheduled due to a IP in use error.

This is a regression of commit ab61853 which introduced the ability for CNI
DELETE to release an IP even if the endpoint deletion fails which is required
to fix the race condition when the CNI binary gets killed in between allocating
an IP and creating the endpoint.

Fixes: ab61853 ("cni: Release IP even when endpoint deletion fails")
Fixes: #10065

Signed-off-by: Thomas Graf <thomas@cilium.io>
Signed-off-by: Ray Bejjani <ray@isovalent.com>