ipFamilyPolicy:PreferDualStack for coredns and metrics-server

Signed-off-by: Manuel Buil <mbuil@suse.com>
k3s-io · Sep 27, 2023 · 067094a · 067094a
1 parent 4dd45b3
commit 067094a
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 26 deletions.
diff --git a/manifests/coredns.yaml b/manifests/coredns.yaml
@@ -205,6 +205,7 @@ spec:
  selector:
  k8s-app: kube-dns
  clusterIP: %{CLUSTER_DNS}%
+ clusterIPs: %{CLUSTER_DNS_LIST}%
  ports:
  - name: dns
  port: 53
@@ -215,3 +216,4 @@ spec:
  - name: metrics
  port: 9153
  protocol: TCP
+ ipFamilyPolicy: %{CLUSTER_DNS_IPFAMILYPOLICY}%
diff --git a/manifests/metrics-server/metrics-server-service.yaml b/manifests/metrics-server/metrics-server-service.yaml
@@ -15,3 +15,4 @@ spec:
  name: https
  protocol: TCP
  targetPort: https
+ ipFamilyPolicy: PreferDualStack
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
@@ -364,12 +364,13 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
  // If there are no IPv4 ServiceCIDRs, an IPv6 ServiceCIDRs will be used.
  // If neither of IPv4 or IPv6 are found an error is raised.
  if len(cmds.ServerConfig.ClusterDNS) == 0 {
- clusterDNS, err := utilsnet.GetIndexedIP(serverConfig.ControlConfig.ServiceIPRange, 10)
- if err != nil {
- return errors.Wrap(err, "cannot configure default cluster-dns address")
+ for _, svcCIDR := range serverConfig.ControlConfig.ServiceIPRanges {
+ clusterDNS, err := utilsnet.GetIndexedIP(svcCIDR, 10)
+ if err != nil {
+ return errors.Wrap(err, "cannot configure default cluster-dns address")
+ }
+ serverConfig.ControlConfig.ClusterDNSs = append(serverConfig.ControlConfig.ClusterDNSs, clusterDNS)
  }
- serverConfig.ControlConfig.ClusterDNS = clusterDNS
- serverConfig.ControlConfig.ClusterDNSs = []net.IP{serverConfig.ControlConfig.ClusterDNS}
  } else {
  for _, ip := range util.SplitStringSlice(cmds.ServerConfig.ClusterDNS) {
  parsed := net.ParseIP(ip)
@@ -378,15 +379,16 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
  }
  serverConfig.ControlConfig.ClusterDNSs = append(serverConfig.ControlConfig.ClusterDNSs, parsed)
  }
- // Set ClusterDNS to the first IPv4 address, for legacy clients
- // unless only IPv6 range given
- clusterDNS, _, _, err := util.GetFirstIP(serverConfig.ControlConfig.ClusterDNSs)
- if err != nil {
- return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-dns address")
- }
- serverConfig.ControlConfig.ClusterDNS = clusterDNS
  }
 
+ // Set ClusterDNS to the first IPv4 address, for legacy clients
+ // unless only IPv6 range given
+ clusterDNS, _, _, err := util.GetFirstIP(serverConfig.ControlConfig.ClusterDNSs)
+ if err != nil {
+ return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-dns address")
+ }
+ serverConfig.ControlConfig.ClusterDNS = clusterDNS
+
  if err := validateNetworkConfiguration(serverConfig); err != nil {
  return err
  }
@@ -577,18 +579,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 
 // validateNetworkConfig ensures that the network configuration values make sense.
 func validateNetworkConfiguration(serverConfig server.Config) error {
- // Dual-stack operation requires fairly extensive manual configuration at the moment - do some
- // preflight checks to make sure that the user isn't trying to use flannel/npc, or trying to
- // enable dual-stack DNS (which we don't currently support since it's not easy to template)
- dualDNS, err := utilsnet.IsDualStackIPs(serverConfig.ControlConfig.ClusterDNSs)
- if err != nil {
- return errors.Wrap(err, "failed to validate cluster-dns")
- }
-
- if dualDNS == true {
- return errors.New("dual-stack cluster-dns is not supported")
- }
-
  switch serverConfig.ControlConfig.EgressSelectorMode {
  case config.EgressSelectorModeCluster, config.EgressSelectorModePod:
  case config.EgressSelectorModeAgent, config.EgressSelectorModeDisabled:

diff --git a/pkg/deploy/zz_generated_bindata.go b/pkg/deploy/zz_generated_bindata.go
diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -272,8 +272,16 @@ func stageFiles(ctx context.Context, sc *Context, controlConfig *config.Control)
  return err
  }
  dataDir = filepath.Join(controlConfig.DataDir, "manifests")
+
+ dnsIPFamilyPolicy := "PreferDualStack"
+ if len(controlConfig.ClusterDNSs) == 1 {
+ dnsIPFamilyPolicy = "SingleStack"
+ }
+
  templateVars := map[string]string{
  "%{CLUSTER_DNS}%": controlConfig.ClusterDNS.String(),
+ "%{CLUSTER_DNS_LIST}%": fmt.Sprintf("[%s]", util.JoinIPs(controlConfig.ClusterDNSs)),
+ "%{CLUSTER_DNS_IPFAMILYPOLICY}%": dnsIPFamilyPolicy,
  "%{CLUSTER_DOMAIN}%": controlConfig.ClusterDomain,
  "%{DEFAULT_LOCAL_STORAGE_PATH}%": controlConfig.DefaultLocalStoragePath,
  "%{SYSTEM_DEFAULT_REGISTRY}%": registryTemplate(controlConfig.SystemDefaultRegistry),