server: Allow to enable network policies with IPv6-only

After previous changes, network policies are working on IPv6-only
installations.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>

pkg/agent/netpol/netpol.go

@@ -80,17 +80,19 @@ func Run(ctx context.Context, nodeConfig *config.Node) error {
 	iptablesCmdHandlers := make(map[v1core.IPFamily]utils.IPTablesHandler, 2)
 	ipSetHandlers := make(map[v1core.IPFamily]utils.IPSetHandler, 2)
 
-	iptHandler, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-	if err != nil {
-		return errors.Wrap(err, "failed to create iptables handler")
-	}
-	iptablesCmdHandlers[v1core.IPv4Protocol] = iptHandler
+	if nodeConfig.AgentConfig.EnableIPv4 {
+		iptHandler, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
+		if err != nil {
+			return errors.Wrap(err, "failed to create iptables handler")
+		}
+		iptablesCmdHandlers[v1core.IPv4Protocol] = iptHandler
 
-	ipset, err := utils.NewIPSet(false)
-	if err != nil {
-		return errors.Wrap(err, "failed to create ipset handler")
+		ipset, err := utils.NewIPSet(false)
+		if err != nil {
+			return errors.Wrap(err, "failed to create ipset handler")
+		}
+		ipSetHandlers[v1core.IPv4Protocol] = ipset
 	}
-	ipSetHandlers[v1core.IPv4Protocol] = ipset
 
 	if nodeConfig.AgentConfig.EnableIPv6 {
 		ipt6Handler, err := iptables.NewWithProtocol(iptables.ProtocolIPv6)

pkg/cli/server/server.go

@@ -528,13 +528,6 @@ func validateNetworkConfiguration(serverConfig server.Config) error {
 		return errors.New("dual-stack cluster-dns is not supported")
 	}
 
-	IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(serverConfig.ControlConfig.ServiceIPRanges)
-	if IPv6OnlyService {
-		if serverConfig.ControlConfig.DisableNPC == false {
-			return errors.New("network policy enforcement is not compatible with IPv6 only operation; server must be restarted with --disable-network-policy")
-		}
-	}
-
 	return nil
 }