From 43c99ea29c3a50cbfe357ca22f69260d5b0a8c87 Mon Sep 17 00:00:00 2001
From: Benjamin Elder <bentheelder@google.com>
Date: Fri, 4 Oct 2024 13:12:50 -0700
Subject: [PATCH] detect ip6tables setup failure and fallback to ipv4 only

---
 pkg/cluster/internal/providers/docker/network.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkg/cluster/internal/providers/docker/network.go b/pkg/cluster/internal/providers/docker/network.go
index f432846108..413a04a9b9 100644
--- a/pkg/cluster/internal/providers/docker/network.go
+++ b/pkg/cluster/internal/providers/docker/network.go
@@ -261,7 +261,17 @@ func checkIfNetworkExists(name string) (bool, error) {
 
 func isIPv6UnavailableError(err error) bool {
 	rerr := exec.RunErrorForError(err)
-	return rerr != nil && strings.HasPrefix(string(rerr.Output), "Error response from daemon: Cannot read IPv6 setup for bridge")
+	if rerr == nil {
+		return false
+	}
+	errorMessage := string(rerr.Output)
+	// we get this error when ipv6 was disabled in docker
+	const dockerIPV6DisabledError = "Error response from daemon: Cannot read IPv6 setup for bridge"
+	// TODO: this is fragile, and only necessary due to docker enabling ipv6 by default
+	// even on hosts that lack ip6tables setup.
+	// Preferably users would either have ip6tables setup properly or else disable ipv6 in docker
+	const dockerIPV6TablesError = "Error response from daemon: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: ip6tables"
+	return strings.HasPrefix(errorMessage, dockerIPV6DisabledError) || strings.HasPrefix(errorMessage, dockerIPV6TablesError)
 }
 
 func isPoolOverlapError(err error) bool {