WIP: Configure IPv6 for Calico

ederst · ederst · commit 997f8e177c71 · 2024-09-27T16:54:31.000+02:00
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template
@@ -49,7 +49,7 @@ data:
           "mtu": __CNI_MTU__,
           "ipam": {
               "assign_ipv4": "{{ not IsIPv6Only }}",
-              "assign_ipv6": "{{ IsIPv6Only }}",
+              "assign_ipv6": "{{ CalicoUseIPv6 }}",
               {{- if IsIPv6Only }}
               "type": "host-local",
               "ranges": [[{ "subnet": "usePodCidrIPv6" }]]
@@ -4633,7 +4633,7 @@ spec:
             - name: IP
               value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}"
             - name: IP6
-              value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}"
+              value: "{{- if CalicoUseIPv6 -}}autodetect{{- else -}}none{{- end -}}"
             {{- if IsIPv6Only }}
             - name: IP_AUTODETECTION_METHOD
               value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "none" }}"
@@ -4680,6 +4680,8 @@ spec:
             {{- else }}
             - name: CALICO_IPV4POOL_CIDR
               value: "{{ .KubeControllerManager.ClusterCIDR }}"
+            - name: CALICO_IPV6POOL_NAT_OUTGOING
+              value: "{{- CalicoUseIPv6 }}"
             {{- end }}
             # Disable file logging so `kubectl logs` works.
             - name: CALICO_DISABLE_FILE_LOGGING
@@ -4689,7 +4691,7 @@ spec:
               value: "ACCEPT"
             # Set IPv6 on Kubernetes.
             - name: FELIX_IPV6SUPPORT
-              value: "{{ IsIPv6Only }}"
+              value: "{{ CalicoUseIPv6 }}"
             - name: FELIX_HEALTHENABLED
               value: "true"
 
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template
@@ -102,7 +102,7 @@ data:
           "mtu": __CNI_MTU__,
           "ipam": {
               "assign_ipv4": "{{ not IsIPv6Only }}",
-              "assign_ipv6": "{{ IsIPv6Only }}",
+              "assign_ipv6": "{{ CalicoUseIPv6 }}",
               {{- if IsIPv6Only }}
               "type": "host-local",
               "ranges": [[{ "subnet": "usePodCidrIPv6" }]]
@@ -4987,7 +4987,7 @@ spec:
             - name: IP
               value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}"
             - name: IP6
-              value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}"
+              value: "{{- if CalicoUseIPv6 -}}autodetect{{- else -}}none{{- end -}}"
             {{- if IsIPv6Only }}
             - name: IP_AUTODETECTION_METHOD
               value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "none" }}"
@@ -5034,6 +5034,8 @@ spec:
             {{- else }}
             - name: CALICO_IPV4POOL_CIDR
               value: "{{ .KubeControllerManager.ClusterCIDR }}"
+            - name: CALICO_IPV6POOL_NAT_OUTGOING
+              value: "{{- CalicoUseIPv6 }}"
             {{- end }}
             # Disable file logging so `kubectl logs` works.
             - name: CALICO_DISABLE_FILE_LOGGING
@@ -5043,7 +5045,7 @@ spec:
               value: "ACCEPT"
             # Set IPv6 on Kubernetes.
             - name: FELIX_IPV6SUPPORT
-              value: "{{ IsIPv6Only }}"
+              value: "{{ CalicoUseIPv6 }}"
             - name: FELIX_HEALTHENABLED
               value: "true"
 
diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go
@@ -301,6 +301,13 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
 			}
 			return "CrossSubnet"
 		}
+		dest["CalicoUseIPv6"] = func() bool {
+			// TODO:
+			// In the templates this is done:
+			// value: "{{- or .Networking.Calico.IPv6AutoDetectionMethod "none" }}"
+			// But doc states that default is "first-found", so this might not work like expected (IPv6 always on)
+			return cluster.Spec.IsIPv6Only() || (c.IPv6AutoDetectionMethod != "" && c.IPv6AutoDetectionMethod != "none")
+		}
 	}
 
 	if cluster.Spec.Networking.Cilium != nil {

Original file line number	Diff line number	Diff line change
`@@ -301,6 +301,13 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS`
`301`	`301`	`}`
`302`	`302`	`return "CrossSubnet"`
`303`	`303`	`}`
	`304`	`+ dest["CalicoUseIPv6"] = func() bool {`
	`305`	`+ // TODO:`
	`306`	`+ // In the templates this is done:`
	`307`	`+ // value: "{{- or .Networking.Calico.IPv6AutoDetectionMethod "none" }}"`
	`308`	`+ // But doc states that default is "first-found", so this might not work like expected (IPv6 always on)`
	`309`	`+ return cluster.Spec.IsIPv6Only() \|\| (c.IPv6AutoDetectionMethod != "" && c.IPv6AutoDetectionMethod != "none")`
	`310`	`+ }`
`304`	`311`	`}`
`305`	`312`
`306`	`313`	`if cluster.Spec.Networking.Cilium != nil {`