Merge pull request #673 from soider/ipv6-support
Introduce configuration changes for the ipv6 support
Showing
17 changed files
with
356 additions
and
33 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# Dual-stack networking | ||
|
||
To enable dual-stack networking use the following k0s.yaml as an example. | ||
This settings will set up bundled calico cni, enable feature gates for the Kubernetes components and set up kubernetes-controller-manager. | ||
``` | ||
spec: | ||
network: | ||
podCIDR: "10.244.0.0/16" | ||
serviceCIDR: "10.96.0.0/12" | ||
calico: | ||
mode: "bird" | ||
dualStack: | ||
enabled: true | ||
IPv6podCIDR: "fd00::/108" | ||
IPv6serviceCIDR: "fd01::/108" | ||
``` | ||
## CNI settings | ||
|
||
### Calico settings | ||
|
||
Calico doesn't support tunneling for the IPv6, so "vxlan" and "ipip" backend wouldn't work. | ||
If you need to have cross-pod connectivity, you need to use "bird" as a backend mode. | ||
In any other mode the pods would be able to reach only pods on the same node. | ||
|
||
### External CNI | ||
The `k0s.yaml` dualStack section will enable all the neccessary feature gates for the Kubernetes components but in case of using external CNI it must be set up with IPv6 support. | ||
|
||
## Additional materials | ||
https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | ||
|
||
https://kubernetes.io/docs/tasks/network/validate-dual-stack/ | ||
|
||
https://www.projectcalico.org/dual-stack-operation-with-calico-on-kubernetes/ | ||
|
||
https://docs.projectcalico.org/networking/ipv6 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,124 @@ | ||
/* | ||
Copyright 2020 Mirantis, Inc. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package dualstack | ||
|
||
// Package implements basic smoke test for dualstack setup. | ||
// Since we run tests under containers environment in the GHA we can't | ||
// actually check proper network connectivity. | ||
// Until wi migrate toward VM based test suites | ||
// this test only checks that nodes in the cluster | ||
// have proper values for spec.PodCIDRs | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"github.com/stretchr/testify/suite" | ||
v1meta "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
|
||
"github.com/k0sproject/k0s/inttest/common" | ||
k8s "k8s.io/client-go/kubernetes" | ||
restclient "k8s.io/client-go/rest" | ||
"k8s.io/client-go/tools/clientcmd" | ||
"testing" | ||
) | ||
|
||
type DualstackSuite struct { | ||
common.FootlooseSuite | ||
|
||
client *k8s.Clientset | ||
} | ||
|
||
func (ds *DualstackSuite) TestDualStackNodesHavePodCIDRs() { | ||
nl, err := ds.client.CoreV1().Nodes().List(context.Background(), v1meta.ListOptions{}) | ||
ds.Require().NoError(err) | ||
for _, n := range nl.Items { | ||
ds.Require().Len(n.Spec.PodCIDRs, 2, "Each node must have ipv4 and ipv6 pod cidr") | ||
} | ||
|
||
} | ||
|
||
func (ds *DualstackSuite) getKubeConfig(node string) *restclient.Config { | ||
machine, err := ds.MachineForName(node) | ||
ds.Require().NoError(err) | ||
ssh, err := ds.SSH(node) | ||
ds.Require().NoError(err) | ||
kubeConf, err := ssh.ExecWithOutput("cat /var/lib/k0s/pki/admin.conf") | ||
ds.Require().NoError(err) | ||
cfg, err := clientcmd.RESTConfigFromKubeConfig([]byte(kubeConf)) | ||
ds.Require().NoError(err) | ||
hostPort, err := machine.HostPort(6443) | ||
ds.Require().NoError(err) | ||
cfg.Host = fmt.Sprintf("localhost:%d", hostPort) | ||
return cfg | ||
} | ||
|
||
func (ds *DualstackSuite) SetupSuite() { | ||
ds.FootlooseSuite.SetupSuite() | ||
ds.prepareConfigWithDualStackEnabled() | ||
ds.Require().NoError(ds.InitMainController("/tmp/k0s.yaml", "")) | ||
ds.Require().NoError(ds.RunWorkers("/var/lib/k0s")) | ||
client, err := k8s.NewForConfig(ds.getKubeConfig("controller0")) | ||
ds.Require().NoError(err) | ||
err = ds.WaitForNodeReady("worker0", client) | ||
ds.Require().NoError(err) | ||
|
||
err = ds.WaitForNodeReady("worker1", client) | ||
ds.Require().NoError(err) | ||
|
||
ds.client = client | ||
|
||
} | ||
|
||
func TestDualStack(t *testing.T) { | ||
|
||
s := DualstackSuite{ | ||
common.FootlooseSuite{ | ||
ControllerCount: 1, | ||
WorkerCount: 2, | ||
}, | ||
nil, | ||
} | ||
|
||
suite.Run(t, &s) | ||
|
||
} | ||
|
||
func (ds *DualstackSuite) prepareConfigWithDualStackEnabled() { | ||
ds.putFile("/tmp/k0s.yaml", k0sConfigWithAddon) | ||
} | ||
|
||
func (ds *DualstackSuite) putFile(path string, content string) { | ||
controllerNode := fmt.Sprintf("controller%d", 0) | ||
ssh, err := ds.SSH(controllerNode) | ||
ds.Require().NoError(err) | ||
defer ssh.Disconnect() | ||
_, err = ssh.ExecWithOutput(fmt.Sprintf("echo '%s' >%s", content, path)) | ||
|
||
ds.Require().NoError(err) | ||
|
||
} | ||
|
||
const k0sConfigWithAddon = ` | ||
spec: | ||
network: | ||
calico: | ||
mode: "bird" | ||
dualStack: | ||
enabled: true | ||
IPv6podCIDR: "fd00::/108" | ||
IPv6serviceCIDR: "fd01::/108" | ||
` |
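Review bot: `putFile` builds its remote command with `fmt.Sprintf("echo '%s' >%s", content, path)`, so a single quote in `content`, or a space or shell metacharacter in `path`, changes what the shell executes on the controller node. Both arguments are constants in this file, but the helper is written generically; rejecting a `'` in `content` before formatting (and quoting `path`) would keep it safe to reuse. Separately, `getKubeConfig` opens an SSH session and never closes it, unlike `putFile`; a `defer ssh.Disconnect()` after its error check would match. The test itself only asserts that `n.Spec.PodCIDRs` has length 2, not that one entry is IPv4 and the other IPv6.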
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
package v1beta1 | ||
|
||
// DualStack defines network configuration for ipv4\ipv6 mixed cluster setup | ||
type DualStack struct { | ||
Enabled bool `yaml:"enabled,omitempty"` | ||
IPv6PodCIDR string `yaml:"IPv6podCIDR,omitempty"` | ||
IPv6ServiceCIDR string `yaml:"IPv6serviceCIDR,omitempty"` | ||
} | ||
|
||
// EnableDualStackFeatureGate adds ipv6 feature gate to the given args colllection | ||
func (ds DualStack) EnableDualStackFeatureGate(args map[string]string) { | ||
if !ds.Enabled { | ||
return | ||
} | ||
fg, found := args["feature-gates"] | ||
if !found { | ||
args["feature-gates"] = "IPv6DualStack=true" | ||
} else { | ||
fg = fg + ",IPv6DualStack=true" | ||
args["feature-gates"] = fg | ||
} | ||
} | ||
|
||
// DefaultDualStack builds default values | ||
func DefaultDualStack() DualStack { | ||
return DualStack{} | ||
} |
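Review bot: `EnableDualStackFeatureGate` appends `,IPv6DualStack=true` to any existing `feature-gates` value without inspecting it, so extra args that already carry `IPv6DualStack=true` or `IPv6DualStack=false` end up with a duplicate or contradictory entry, and a present-but-empty value yields a leading comma. Which entry the component honours in that case is not visible here, so the function should detect an existing entry and handle it explicitly; the sketch below leaves it alone and needs the `strings` import. The accompanying test file covers the missing-key and unrelated-gate cases but neither of these two. Nothing in this file validates `IPv6PodCIDR`/`IPv6ServiceCIDR` when `Enabled` is set; if that is not done elsewhere in the commit, a `net.ParseCIDR` check belongs in config validation.

```go
func (ds DualStack) EnableDualStackFeatureGate(args map[string]string) {
	// … unchanged: return early when ds.Enabled is false …
	const gate = "IPv6DualStack=true"
	fg := args["feature-gates"]
	if fg == "" {
		args["feature-gates"] = gate
		return
	}
	for _, g := range strings.Split(fg, ",") {
		if strings.HasPrefix(strings.TrimSpace(g), "IPv6DualStack=") {
			// Already configured by the caller: do not add a second entry.
			return
		}
	}
	args["feature-gates"] = fg + "," + gate
}
```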
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
package v1beta1 | ||
|
||
import ( | ||
"github.com/stretchr/testify/require" | ||
"testing" | ||
) | ||
|
||
func TestAddDualStackArguments(t *testing.T) { | ||
ds := DualStack{Enabled: true} | ||
t.Run("If no extrargs given, just add DualStack", func(t *testing.T) { | ||
args := map[string]string{} | ||
ds.EnableDualStackFeatureGate(args) | ||
require.Equal(t, "IPv6DualStack=true", args["feature-gates"]) | ||
}) | ||
t.Run("keep already existed extra-args", func(t *testing.T) { | ||
args := map[string]string{ | ||
"some-argument": "value", | ||
} | ||
ds.EnableDualStackFeatureGate(args) | ||
require.Equal(t, "IPv6DualStack=true", args["feature-gates"]) | ||
require.Equal(t, "value", args["some-argument"]) | ||
}) | ||
t.Run("keep already existed extra-args feature gates", func(t *testing.T) { | ||
args := map[string]string{ | ||
"feature-gates": "Magic=true", | ||
} | ||
ds.EnableDualStackFeatureGate(args) | ||
require.Equal(t, "Magic=true,IPv6DualStack=true", args["feature-gates"]) | ||
}) | ||
t.Run("do nothing if dual-stack disabled", func(t *testing.T) { | ||
ds := DualStack{} | ||
args := map[string]string{} | ||
ds.EnableDualStackFeatureGate(args) | ||
require.Empty(t, args) | ||
}) | ||
} |