feat(Dockerfile): add checks for required binaries

Check for the existence of the required iptables-* binaries
before runnig the iptables-wrapper-installer.

Signed-off-by: elchenberg <[email protected]>

Author: elchenberg

Dockerfile

@@ -42,10 +42,17 @@ COPY --from=builder /build/cni-download /usr/libexec/cni
 COPY build/image-assets/iptables-wrapper-installer.sh /
 # This is necessary because of the bug reported here: https://github.com/flannel-io/flannel/pull/1340/files
 # Basically even under QEMU emulation, it still doesn't have an ARM kernel in-play which means that calls to
-# iptables-nft will fail in the build process. The sanity check here only makes sure that we are not using
-# iptables-1.8.0-1.8.2. For now we'll manage that on our own.
-RUN /iptables-wrapper-installer.sh --no-sanity-check
-
+# iptables-nft will fail in the build process. The sanity check here only makes sure that iptables-nft and iptables-legacy
+# are installed and that we are not using iptables-1.8.0-1.8.3. For now we'll manage that on our own.
+RUN if ! command -v iptables-nft > /dev/null; then \
+        echo "ERROR: iptables-nft is not installed" 1>&2; \
+        exit 1; \
+    fi && \
+    if ! command -v iptables-legacy > /dev/null; then \
+        echo "ERROR: iptables-legacy is not installed" 1>&2; \
+        exit 1; \
+    fi && \
+    /iptables-wrapper-installer.sh --no-sanity-check
 
 # Since alpine image doesn't contain /etc/nsswitch.conf, the hosts in /etc/hosts (e.g. localhost)
 # cannot be used. So manually add /etc/nsswitch.conf to work around this issue.