From 8e4a2227f89d7196e1cc08435b35817e3af20a0c Mon Sep 17 00:00:00 2001 From: ederst Date: Mon, 11 Jul 2022 16:28:54 +0200 Subject: [PATCH] WIP: Configure IPv6 for Calico --- .../networking.projectcalico.org/k8s-1.22.yaml.template | 8 +++++--- .../networking.projectcalico.org/k8s-1.25.yaml.template | 8 +++++--- upup/pkg/fi/cloudup/template_functions.go | 7 +++++++ 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template index 970c3aa5a47ea..e49a6456c48f1 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template @@ -49,7 +49,7 @@ data: "mtu": __CNI_MTU__, "ipam": { "assign_ipv4": "{{ not IsIPv6Only }}", - "assign_ipv6": "{{ IsIPv6Only }}", + "assign_ipv6": "{{ CalicoUseIPv6 }}", {{- if IsIPv6Only }} "type": "host-local", "ranges": [[{ "subnet": "usePodCidrIPv6" }]] @@ -4633,7 +4633,7 @@ spec: - name: IP value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" - name: IP6 - value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" + value: "{{- if CalicoUseIPv6 -}}autodetect{{- else -}}none{{- end -}}" {{- if IsIPv6Only }} - name: IP_AUTODETECTION_METHOD value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "none" }}" @@ -4680,6 +4680,8 @@ spec: {{- else }} - name: CALICO_IPV4POOL_CIDR value: "{{ .KubeControllerManager.ClusterCIDR }}" + - name: CALICO_IPV6POOL_NAT_OUTGOING + value: "{{- CalicoUseIPv6 }}" {{- end }} # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING @@ -4689,7 +4691,7 @@ spec: value: "ACCEPT" # Set IPv6 on Kubernetes. - name: FELIX_IPV6SUPPORT - value: "{{ IsIPv6Only }}" + value: "{{ CalicoUseIPv6 }}" - name: FELIX_HEALTHENABLED value: "true" 
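Review bot: In the `@@ -4680,6 +4680,8 @@` hunk, `CALICO_IPV6POOL_NAT_OUTGOING` is added to the `{{- else }}` branch next to `CALICO_IPV4POOL_CIDR`, but no `CALICO_IPV6POOL_CIDR` is visible there. If the IPv6 pool is not pinned elsewhere in the template, a dual-stack cluster would enable IPv6 assignment and NAT while leaving the pool range to calico-node's default, so it is worth confirming where the range comes from. The value is written `"{{- CalicoUseIPv6 }}"` with a trim marker, while the other substitutions in this patch use `"{{ CalicoUseIPv6 }}"`; I would use the same form here. A comment above the entry such as `# Masquerade pod IPv6 egress only when Calico manages IPv6.` would record the intent. The same applies to the `@@ -5034,6 +5034,8 @@` hunk in k8s-1.25.yaml.template.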
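Review bot: The context comment `# Set IPv6 on Kubernetes.` above `FELIX_IPV6SUPPORT` in the `@@ -4689,7 +4691,7 @@` hunk no longer describes what decides the value, which is now `CalicoUseIPv6` rather than `IsIPv6Only`. As far as I know, Felix only programs IPv6 dataplane rules when this is true, so in a dual-stack cluster the setting presumably also decides whether network policy covers IPv6 traffic. I would reword the comment to say so, e.g. `# Felix handles IPv6 (including IPv6 policy rules) only when Calico manages IPv6 addresses.` The `@@ -5043,7 +5045,7 @@` hunk in k8s-1.25.yaml.template carries the same comment.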
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template index c1f8ae111382d..49f6528b9e3d3 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template @@ -102,7 +102,7 @@ data: "mtu": __CNI_MTU__, "ipam": { "assign_ipv4": "{{ not IsIPv6Only }}", - "assign_ipv6": "{{ IsIPv6Only }}", + "assign_ipv6": "{{ CalicoUseIPv6 }}", {{- if IsIPv6Only }} "type": "host-local", "ranges": [[{ "subnet": "usePodCidrIPv6" }]] @@ -4987,7 +4987,7 @@ spec: - name: IP value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" - name: IP6 - value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" + value: "{{- if CalicoUseIPv6 -}}autodetect{{- else -}}none{{- end -}}" {{- if IsIPv6Only }} - name: IP_AUTODETECTION_METHOD value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "none" }}" @@ -5034,6 +5034,8 @@ spec: {{- else }} - name: CALICO_IPV4POOL_CIDR value: "{{ .KubeControllerManager.ClusterCIDR }}" + - name: CALICO_IPV6POOL_NAT_OUTGOING + value: "{{- CalicoUseIPv6 }}" {{- end }} # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING @@ -5043,7 +5045,7 @@ spec: value: "ACCEPT" # Set IPv6 on Kubernetes. - name: FELIX_IPV6SUPPORT - value: "{{ IsIPv6Only }}" + value: "{{ CalicoUseIPv6 }}" - name: FELIX_HEALTHENABLED value: "true" diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go index 3965f7effc8ac..3cc605c346ea0 100644 --- a/upup/pkg/fi/cloudup/template_functions.go +++ b/upup/pkg/fi/cloudup/template_functions.go 
@@ -301,6 +301,13 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
 }
 return "CrossSubnet"
 }
+ dest["CalicoUseIPv6"] = func() bool {
+ // TODO:
+ // In the templates this is done:
+ // value: "{{- or .Networking.Calico.IPv6AutoDetectionMethod "none" }}"
+ // But doc states that default is "first-found", so this might not work like expected (IPv6 always on)
+ return cluster.Spec.IsIPv6Only() || (c.IPv6AutoDetectionMethod != "" && c.IPv6AutoDetectionMethod != "none")
+ }
 }
 if cluster.Spec.Networking.Cilium != nil {
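Review bot: `CalicoUseIPv6` makes the IPv6 auto-detection field the on/off switch for Calico IPv6, and its TODO leaves the default unresolved. An empty `IPv6AutoDetectionMethod` is treated as off here, while the TODO says the documented default is "first-found". The templates use this one predicate for IPv6 address assignment, `IP6` autodetection, IPv6 NAT and Felix IPv6 support, so the rule should be settled and stated before this leaves WIP. I would replace the TODO with a doc comment giving the contract, e.g. `// CalicoUseIPv6 reports whether Calico manages IPv6: always on IPv6-only clusters, otherwise only when IPv6AutoDetectionMethod is set to a value other than "none".` `c` is declared outside the hunk, and the enclosing `AddTo` function starts and ends outside it.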