From 88fa074c4f6e6b342b1155777cfc24dcb39ed894 Mon Sep 17 00:00:00 2001 From: Manuel Buil Date: Wed, 20 Sep 2023 12:00:31 +0200 Subject: [PATCH 1/2] ipFamilyPolicy:PreferDualStack for coredns and metrics-server Signed-off-by: Manuel Buil --- manifests/coredns.yaml | 2 + .../metrics-server-service.yaml | 1 + pkg/cli/server/server.go | 38 +++++++------------ pkg/deploy/zz_generated_bindata.go | 4 +- pkg/server/server.go | 8 ++++ 5 files changed, 27 insertions(+), 26 deletions(-) diff --git a/manifests/coredns.yaml b/manifests/coredns.yaml index cd7d3a736bf3..469ee9041dba 100644 --- a/manifests/coredns.yaml +++ b/manifests/coredns.yaml @@ -205,6 +205,7 @@ spec: selector: k8s-app: kube-dns clusterIP: %{CLUSTER_DNS}% + clusterIPs: %{CLUSTER_DNS_LIST}% ports: - name: dns port: 53 @@ -215,3 +216,4 @@ spec: - name: metrics port: 9153 protocol: TCP + ipFamilyPolicy: %{CLUSTER_DNS_IPFAMILYPOLICY}% diff --git a/manifests/metrics-server/metrics-server-service.yaml b/manifests/metrics-server/metrics-server-service.yaml index f89a885ef0d5..ec24e645907d 100644 --- a/manifests/metrics-server/metrics-server-service.yaml +++ b/manifests/metrics-server/metrics-server-service.yaml @@ -15,3 +15,4 @@ spec: name: https protocol: TCP targetPort: https + ipFamilyPolicy: PreferDualStack diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index 09553b682df2..af8bec891cbb 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go 
@@ -364,12 +364,13 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont // If there are no IPv4 ServiceCIDRs, an IPv6 ServiceCIDRs will be used. // If neither of IPv4 or IPv6 are found an error is raised. if len(cmds.ServerConfig.ClusterDNS) == 0 { - clusterDNS, err := utilsnet.GetIndexedIP(serverConfig.ControlConfig.ServiceIPRange, 10) - if err != nil { - return errors.Wrap(err, "cannot configure default cluster-dns address") + for _, svcCIDR := range serverConfig.ControlConfig.ServiceIPRanges { + clusterDNS, err := utilsnet.GetIndexedIP(svcCIDR, 10) + if err != nil { + return errors.Wrap(err, "cannot configure default cluster-dns address") + } + serverConfig.ControlConfig.ClusterDNSs = append(serverConfig.ControlConfig.ClusterDNSs, clusterDNS) } - serverConfig.ControlConfig.ClusterDNS = clusterDNS - serverConfig.ControlConfig.ClusterDNSs = []net.IP{serverConfig.ControlConfig.ClusterDNS} } else { for _, ip := range util.SplitStringSlice(cmds.ServerConfig.ClusterDNS) { parsed := net.ParseIP(ip) @@ -378,15 +379,16 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont } serverConfig.ControlConfig.ClusterDNSs = append(serverConfig.ControlConfig.ClusterDNSs, parsed) } - // Set ClusterDNS to the first IPv4 address, for legacy clients - // unless only IPv6 range given - clusterDNS, _, _, err := util.GetFirstIP(serverConfig.ControlConfig.ClusterDNSs) - if err != nil { - return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-dns address") - } - serverConfig.ControlConfig.ClusterDNS = clusterDNS } + // Set ClusterDNS to the first IPv4 address, for legacy clients + // unless only IPv6 range given + clusterDNS, _, _, err := util.GetFirstIP(serverConfig.ControlConfig.ClusterDNSs) + if err != nil { + return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-dns address") + } + serverConfig.ControlConfig.ClusterDNS = clusterDNS + if err := validateNetworkConfiguration(serverConfig); err != nil { return err } 
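Review bot: The `else` branch that parses a user-supplied cluster-dns list now accepts any number of addresses of any family, because the only check on that list (the dual-stack rejection in `validateNetworkConfiguration`) is deleted later in this patch and nothing replaces it. `stageFiles` in pkg/server/server.go then derives `ipFamilyPolicy` from the count alone (`len(controlConfig.ClusterDNSs) == 1`), so two IPv4 addresses or three addresses would be templated into `clusterIPs` with `PreferDualStack` and presumably fail only when the CoreDNS manifest is applied. A preflight check after the loop keeps the failure at startup, for example `if len(dns) > 2 || (len(dns) == 2 && !dual) { return errors.New("cluster-dns must be one address, or one IPv4 and one IPv6 address") }`, with `dual` taken from `utilsnet.IsDualStackIPs`. The visible lines also do not check that each address lies inside a service CIDR. `run` continues outside both hunks.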
@@ -577,18 +579,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont // validateNetworkConfig ensures that the network configuration values make sense. func validateNetworkConfiguration(serverConfig server.Config) error { - // Dual-stack operation requires fairly extensive manual configuration at the moment - do some - // preflight checks to make sure that the user isn't trying to use flannel/npc, or trying to - // enable dual-stack DNS (which we don't currently support since it's not easy to template) - dualDNS, err := utilsnet.IsDualStackIPs(serverConfig.ControlConfig.ClusterDNSs) - if err != nil { - return errors.Wrap(err, "failed to validate cluster-dns") - } - - if dualDNS == true { - return errors.New("dual-stack cluster-dns is not supported") - } - switch serverConfig.ControlConfig.EgressSelectorMode { case config.EgressSelectorModeCluster, config.EgressSelectorModePod: case config.EgressSelectorModeAgent, config.EgressSelectorModeDisabled: diff --git a/pkg/deploy/zz_generated_bindata.go b/pkg/deploy/zz_generated_bindata.go index 74d52de6b9fd..1e4a5e8f1a35 100644 --- a/pkg/deploy/zz_generated_bindata.go +++ b/pkg/deploy/zz_generated_bindata.go 
@@ -111,7 +111,7 @@ func ccmYaml() (*asset, error) { return a, nil } -var _corednsYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x57\x51\x6f\xdb\x38\x12\x7e\xf7\xaf\x20\x04\xe4\xe5\x70\x72\xe2\x0b\xda\xcb\xf1\x2d\x8d\xdd\x36\xb8\xc4\x35\x6c\xa7\x40\xb1\x58\x04\x34\x39\xb6\xb8\xa1\x38\x5c\x92\x72\xe2\xed\xe6\xbf\x2f\x28\xc9\xb2\x68\x2b\x69\x92\xed\xfa\xc5\x92\x86\xf3\x0d\xf9\x71\xf8\xcd\x90\x19\xf9\x15\xac\x93\xa8\x29\x59\x0f\x7a\x77\x52\x0b\x4a\x66\x60\xd7\x92\xc3\x39\xe7\x58\x68\xdf\xcb\xc1\x33\xc1\x3c\xa3\x3d\x42\x34\xcb\x81\x12\x8e\x16\x84\x76\xf5\xbb\x33\x8c\x03\x25\x77\xc5\x02\x52\xb7\x71\x1e\xf2\x5e\x9a\xa6\xbd\x36\xb4\x5d\x30\xde\x67\x85\xcf\xd0\xca\x3f\x98\x97\xa8\xfb\x77\x67\xae\x2f\xf1\xb8\x09\x7a\xa1\x0a\xe7\xc1\x4e\x51\x41\x14\x51\xb1\x05\x28\x17\x9e\x48\x19\xc2\x6a\xf0\x50\xba\x2e\x10\xbd\xf3\x96\x19\x23\xf5\xaa\x8a\x91\x0a\x58\xb2\x42\x79\xd7\x4c\xb5\x9a\x10\xdd\xce\xd8\x16\x0a\x1c\xed\xa5\x84\x19\xf9\xc9\x62\x61\x4a\xe4\x94\x24\x49\x8f\x10\x0b\x0e\x0b\xcb\xa1\xfe\x06\x5a\x18\x94\xba\x04\x4b\x89\xab\x48\xa9\x5e\x0c\x8a\xea\xa1\x59\x7f\x78\x5d\x83\x5d\xd4\xbe\x4a\x3a\x5f\x3e\xdc\x33\xcf\xb3\xc3\x78\x42\x3a\x8e\x6b\xb0\x9b\x9a\x87\x67\xa2\x2b\xf9\x43\xf4\xbf\xc5\xf6\x07\xa9\x85\xd4\xab\x88\x74\xa6\x35\xfa\xd2\xb3\x66\xbe\x0b\x32\xda\x0c\x56\x78\x2c\x8c\x60\x1e\x28\x49\xbc\x2d\x20\xf9\xf9\x7b\x87\x0a\xa6\xb0\x2c\xe7\x57\xb3\xf9\xcc\x5a\x7b\x84\x1c\x26\xd6\x13\xc8\xae\x58\xfc\x06\xdc\x97\x89\xd1\x79\x04\xde\x9c\xf8\x3b\xc2\x51\x2f\xe5\xea\x9a\x99\xb7\x1c\xa7\xed\xf0\x0b\xb4\xb0\x94\x0a\x28\xf9\xb3\xe4\xb4\x4f\xdf\x9d\x92\xef\xe5\x63\xf8\x81\xb5\x68\x5d\xf3\x9a\x01\x53\x3e\x6b\x5e\x2d\x30\xb1\x69\xde\x76\xdb\x41\x8e\xbe\x5f\x5c\xdd\xcc\xe6\xa3\xe9\xed\xf0\xcb\xf5\xf9\xe5\xf8\xf1\x88\x48\x9d\x32\x21\x6c\x9f\x59\xc3\x88\x34\xef\xab\x87\x5d\x24\x52\x9e\x00\x22\xb5\x03\x5e\x58\x68\x7d\x5f\x32\xa5\x7c\x66\xb1\x58\x65\xdd\x28\xcd\xd8\xc7\xdd\x44\xd1\x79\x47\x8e\xc1\xf3\xe3\x9a\x8a\xe3\x31\x0a\xf8\x5c\x7e\x6e\x07\xf5\x5e\x91\xf7\x27\xad\x0f\x16\x14\x3
2\x41\x06\xef\x5c\xf7\x14\x3a\x82\x19\x8b\x39\xf8\x0c\x0a\x47\xe8\xff\x06\xef\x4e\x1b\xc3\x12\xed\x3d\xb3\x82\xf4\xab\x99\x84\xe3\xa8\xd6\x7d\x8e\x7a\xd9\x0c\xe1\x8c\x67\x40\x4e\x77\x33\x50\x88\xa6\x17\x4f\xa6\x65\x63\x62\xc1\x14\xd3\x7c\xc7\x8f\xcc\x0d\x5a\x1f\x2f\x95\x17\xce\x63\x7e\xfc\xaf\x7e\xd0\x03\x2b\x45\x35\xba\x9a\xf0\xb3\xe3\x83\x22\x81\x3d\x48\x39\x66\x8c\xdb\x1d\xf4\x21\x18\x85\x9b\x1c\xde\xa6\xe3\x7b\x47\xf8\xcc\xa5\xcc\x98\x7a\x48\xe5\xb8\x7f\xb0\x2b\xe0\x24\x64\xea\x70\x3c\x4b\x7a\xce\x00\xa7\xa5\xba\xad\x65\x98\xdf\x67\xe9\x3c\xda\xcd\x95\xcc\xa5\xa7\x24\x30\x19\x64\xc0\xc3\x6a\x53\xc5\xf0\x1b\x03\x94\x4c\x51\x29\xa9\x57\x37\xa5\xa0\x54\x02\xd4\xfe\x42\x6b\x42\x73\xf6\x70\xa3\xd9\x9a\x49\xc5\x16\xe1\x54\x0c\x02\x1c\x28\xe0\x1e\x6d\x35\x26\x0f\x02\x79\xd5\x5a\x43\xf7\x2a\x3c\xe4\x46\x35\xc0\x6d\xa2\xca\x9d\x8c\xfc\x9f\xe2\x61\xbb\xd2\x2a\xc9\x24\x5a\xe9\x37\x17\x8a\x39\x37\xae\x28\xa9\x28\x4d\x79\x25\x47\x29\xb7\xd2\x4b\xce\x54\x52\xbb\xb8\x48\x71\xc6\x7b\xfb\x53\x52\x83\x0a\x6c\x5b\x94\xc3\x2f\x25\x77\xb0\x09\x84\xd7\x70\xe7\x42\xa0\x76\x5f\xb4\xda\x24\xad\x23\x81\x26\x78\xa2\xa5\x24\x19\x3d\x48\xe7\x5d\x72\x00\xa0\x51\x40\x1a\x24\x76\x4f\xd8\x39\x6a\x6f\x51\xa5\x46\x31\x0d\x2f\xc4\x24\x04\x96\x4b\xe0\x9e\x92\x64\x8c\x33\x9e\x81\x28\x14\xbc\x3c\x64\xce\x02\x43\x3f\x23\x56\x88\x30\x8b\x12\xe2\x30\x63\xd1\x51\xa2\xa4\x2e\x1e\x1a\x9a\x0d\x2a\x5c\x6d\x66\x26\x28\xe6\x05\xea\x90\xa0\xa1\x10\xb7\x49\xcf\xd9\xc3\xec\x0e\xee\xab\x94\xdb\xfe\xb6\x9e\xff\x0f\xab\x8b\x83\x04\x89\x0b\x47\xa3\x35\xfa\x3e\x03\x7d\xa3\x1d\xf3\xd2\x2d\x65\x95\xbf\x43\x1c\xa3\xdf\xae\xa1\x35\xb4\x4c\xc0\xc3\x75\x3c\x91\xe0\xcf\xa7\x29\x21\x61\x47\x99\xd4\x60\x1b\x8f\xf4\x40\x0f\xaa\x9f\xcc\xd9\x0a\x28\x39\xfa\x3e\xfb\x36\x9b\x8f\xae\x6f\x87\xa3\x8f\xe7\x37\x57\xf3\xdb\xe9\xe8\xd3\xe5\x6c\x3e\xfd\xf6\x78\x64\x99\xe6\x19\xd8\xe3\x5c\x86\xda\x03\x22\xad\x21\xb6\xff\x74\xd0\x1f\x9c\xf4\x07\x31\xe2\xa4\x50\x6a\x82\x4a\xf2\x0d\x25\x97\xcb\x31\xfa\x89\x05\x07\x65\x99\xad\x7e\x51\x2b\xd4\x9
0\x10\x24\x63\x6f\x91\x39\xe4\x68\x37\x94\x0c\xfe\x7b\x72\x2d\xa3\xba\xf0\x7b\x01\x6e\x7f\x34\x37\x05\x25\x83\x93\x93\xbc\x13\x23\x82\x60\x76\xe5\x28\xf9\x85\x24\x69\x28\x00\xc9\xbf\x49\x12\x69\xf0\xb6\x10\x27\xe4\xd7\xc6\x65\x8d\xaa\xc8\xe1\x3a\x9c\xde\x28\x55\xb6\xd4\x86\xfa\x9f\x56\x83\x5a\xf1\xf3\x30\x7e\xc2\x7c\x46\x23\x95\x8f\xd6\xc2\x44\x38\xcf\x94\x84\xb6\xea\x10\xb8\x2c\x07\xe9\x2b\xf1\xeb\x2a\xf2\xe3\x30\xa1\xfe\x44\xcb\x69\xb2\x67\x82\xd6\x53\xd2\x2a\xa0\xdb\xaa\x12\x4f\xdf\x58\xf4\xc8\x51\x51\x72\x33\x9c\xbc\x16\x27\xf5\xdc\x74\x62\xcd\x2f\x9e\xc1\x8a\xca\xfa\x16\x2d\x07\x6f\x25\xef\x9e\x59\x1b\xad\xec\x68\x82\x74\xa3\xf6\xf0\xe0\xdb\x19\xc4\x94\xc2\xfb\x89\x95\x6b\xa9\x60\x05\x23\xc7\x99\x2a\xe5\x98\x86\x96\xc3\xb5\x59\xe7\xcc\xb0\x85\x54\xd2\x4b\xd8\xcb\x41\x26\x44\xfc\x21\x25\xe3\xd1\xfc\xf6\xc3\xe5\x78\x78\x3b\x1b\x4d\xbf\x5e\x5e\x8c\x22\xb3\xb0\x68\xf6\x1d\x98\x52\x1d\x1b\x37\x45\xf4\x1f\xa5\x82\xba\xb7\x8d\xb7\x51\xc9\x35\x68\x70\x6e\x62\x71\x01\x6d\xbc\xcc\x7b\xf3\x09\x7c\x1c\xc2\x54\xf9\xb2\xd7\x40\x92\x3a\x1d\x28\x39\x3b\x39\x3b\x89\x3e\x3b\x9e\x41\x20\xf9\xf3\x7c\x3e\x69\x19\xa4\x96\x5e\x32\x35\x04\xc5\x36\x33\xe0\xa8\x85\xa3\x71\x03\x67\xc0\x4a\x14\x8d\x6d\xd0\xb6\x79\x99\x03\x16\x7e\x67\x6c\xd9\x5c\xc1\x39\x38\x37\xcf\x2c\xb8\x0c\x95\x88\xad\x4b\x26\x55\x61\xa1\x65\x3d\x8d\xda\x60\xf9\x6a\x2a\xe2\xe6\xb9\xc5\xc4\xe0\x6c\xf0\x66\x26\x9e\x21\xe2\x3f\xff\x30\x0f\x42\xbb\xad\x02\x0f\xab\x6b\x57\x6d\xa8\x04\xe4\x15\x02\xc6\xb7\x17\x9b\x98\xb7\xee\x82\x52\x52\xe1\x21\x77\xfb\x29\x5d\x36\x04\x5b\x55\xdd\xab\x63\xd5\x16\x74\x1a\x6b\xc7\xe6\xb6\xd0\xe9\x79\x68\x7d\xa1\x76\xbe\x64\x69\xe9\x81\x90\x86\x6e\x25\xa8\x02\x53\xf5\x19\x7c\xf2\x4e\x58\x5f\x32\x3b\x1a\xf3\x56\xc5\x7e\xb2\x33\x3f\xb8\xa3\xef\x6e\x36\xa1\xe3\xa8\xf2\x33\x09\x5a\x98\x74\x98\x1d\xb7\xcc\x3c\x79\x57\x7f\x41\xa3\xbf\xed\x63\xeb\xbe\xb5\x85\xf4\xd2\x2b\x41\xdc\xa9\x77\xc5\xac\x63\x5c\x4e\x68\xfb\x92\x3a\x9e\x3d\x1e\xf5\x5a\x95\x29\xdd\xab\x3b\xa6\x5d\x50\xf6\xcb\x4f\xda\x51\x5c\x9e\x7
0\xa8\xaa\x42\xda\x51\x3f\x4c\x5c\x66\x62\x97\xbf\x02\x00\x00\xff\xff\x2b\x8d\x4e\x50\x53\x13\x00\x00") +var _corednsYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x57\xdf\x6f\xe3\xbe\x0d\x7f\xcf\x5f\x21\x18\xe8\xcb\x30\xa7\xcd\x8a\xbb\x75\x7a\xeb\x25\xe9\x5d\xb0\x36\x17\x24\xe9\x01\xc5\x30\x14\x8a\xcc\xc4\x5a\x65\x51\x93\xe4\xb4\xd9\xad\xff\xfb\x20\xff\x8a\x95\xb8\xbd\xb6\xbb\x6f\x5e\x62\x9b\x22\x29\x7e\x44\x7e\x48\x31\x2d\x7e\x80\xb1\x02\x15\x25\xdb\x41\xef\x41\xa8\x84\x92\x05\x98\xad\xe0\x70\xc9\x39\xe6\xca\xf5\x32\x70\x2c\x61\x8e\xd1\x1e\x21\x8a\x65\x40\x09\x47\x03\x89\xb2\xd5\xbb\xd5\x8c\x03\x25\x0f\xf9\x0a\x62\xbb\xb3\x0e\xb2\x5e\x1c\xc7\xbd\xb6\x69\xb3\x62\xbc\xcf\x72\x97\xa2\x11\xff\x61\x4e\xa0\xea\x3f\x5c\xd8\xbe\xc0\xd3\xc6\xe9\x50\xe6\xd6\x81\x99\xa3\x84\xc0\xa3\x64\x2b\x90\xd6\x3f\x91\xc2\x85\x51\xe0\xa0\x50\x5d\x21\x3a\xeb\x0c\xd3\x5a\xa8\x4d\xe9\x23\x4e\x60\xcd\x72\xe9\x6c\xb3\xd5\x72\x43\xb4\xde\xb1\xc9\x25\x58\xda\x8b\x09\xd3\xe2\xab\xc1\x5c\x17\x96\x63\x12\x45\x3d\x42\x0c\x58\xcc\x0d\x87\xea\x1b\xa8\x44\xa3\x50\x85\xb1\x98\xd8\x12\x94\xf2\x45\x63\x52\x3e\x34\xf1\xfb\xd7\x2d\x98\x55\xa5\x2b\x85\x75\xc5\xc3\x23\x73\x3c\x3d\xf6\x97\x08\xcb\x71\x0b\x66\x57\xe1\xf0\x8a\x77\x29\x7e\x69\xfd\xff\x42\xfb\x8b\x50\x89\x50\x9b\x00\x74\xa6\x14\xba\x42\xb3\x42\xbe\xcb\x64\x70\x18\x2c\x77\x98\xeb\x84\x39\xa0\x24\x72\x26\x87\xe8\xf7\x9f\x1d\x4a\x98\xc3\xba\xd8\x5f\x85\xe6\x2b\xb1\xf6\x08\x39\x4e\xac\x17\x2c\xdb\x7c\xf5\x2f\xe0\xae\x48\x8c\xce\x12\xf8\x70\xe2\xef\x01\x47\xb5\x16\x9b\x1b\xa6\x3f\x52\x4e\xf5\xf2\x21\x1a\x58\x0b\x09\x94\xfc\xb7\xc0\xb4\x4f\x3f\x9d\x93\x9f\xc5\xa3\xff\x81\x31\x68\x6c\xf3\x9a\x02\x93\x2e\x6d\x5e\x0d\xb0\x64\xd7\xbc\xed\x8f\x83\x9c\xfc\x1c\x5e\xdf\x2e\x96\xe3\xf9\xfd\xe8\xfb\xcd\xe5\x64\xfa\x7c\x42\x84\x8a\x59\x92\x98\x3e\x33\x9a\x11\xa1\x3f\x97\x0f\x7b\x4f\xa4\xa8\x00\x22\x94\x05\x9e\x1b\x68\x7d\x5f\x33\x29\x5d\x6a\x30\xdf\xa4\xdd\x56\x9a\xb5\xcf\xfb\x8d\xa2\x75\x96\x9c\x82\xe3\xa7\x15\x14\xa7\x53\x4c\xe0\x5b\xf1\xb9\xed\xd4
\x39\x49\x3e\x9f\xb5\x3e\x18\x90\xc8\x12\x32\xf8\x64\xbb\xb7\xd0\xe1\x4c\x1b\xcc\xc0\xa5\x90\x5b\x42\xff\x36\xf8\x74\xde\x08\xd6\x68\x1e\x99\x49\x48\xbf\xdc\x89\x2f\x47\xb9\xed\x73\x54\xeb\x66\x09\x67\x3c\x05\x72\xbe\xdf\x81\x44\xd4\xbd\x70\x33\x2d\x19\x4b\x56\x4c\x32\xc5\xf7\xf8\x88\x4c\xa3\x71\x61\xa8\x3c\xb7\x0e\xb3\xd3\x3f\xf5\x3d\x1f\x18\x91\x94\xab\xcb\x0d\xbf\xba\xde\x33\x12\x98\xa3\x94\x63\x5a\xdb\x7d\xa1\x8f\x40\x4b\xdc\x65\xf0\x31\x1e\x3f\x28\xe1\x0b\x1b\x33\xad\xab\x25\xa5\xe2\x61\x61\x97\x86\x23\x9f\xa9\xa3\xe9\x22\xea\x59\x0d\x9c\x16\xec\xb6\x15\x7e\x7f\xdf\x84\x75\x68\x76\xd7\x22\x13\x8e\x12\x8f\xa4\xa7\x01\x07\x9b\x5d\xe9\xc3\xed\x34\x50\x32\x47\x29\x85\xda\xdc\x16\x84\x52\x12\x50\xfb\x0b\xad\x00\xcd\xd8\xd3\xad\x62\x5b\x26\x24\x5b\xf9\xaa\x18\x78\x73\x20\x81\x3b\x34\xe5\x9a\xcc\x13\xe4\x75\x2b\x86\xee\x28\x1c\x64\x5a\x36\x86\xdb\x40\x15\x27\x19\xe8\xbf\x84\x43\x1d\x69\x99\x64\x02\x8d\x70\xbb\xa1\x64\xd6\x4e\x4b\x48\x4a\x48\x63\x5e\xd2\x51\xcc\x8d\x70\x82\x33\x19\x55\x2a\x36\x60\x9c\xe9\xc1\xf9\x14\xd0\xa0\x04\xd3\x26\x65\xff\x8b\xc9\x03\xec\x3c\xe0\x95\xb9\xcb\x24\x41\x65\xbf\x2b\xb9\x8b\x5a\x25\x81\xda\x6b\xa2\xa1\x24\x1a\x3f\x09\xeb\x6c\x74\x64\x40\x61\x02\xb1\xa7\xd8\x03\x62\xe7\xa8\x9c\x41\x19\x6b\xc9\x14\xbc\xd1\x26\x21\xb0\x5e\x03\x77\x94\x44\x53\x5c\xf0\x14\x92\x5c\xc2\xdb\x5d\x66\xcc\x23\xf4\x3b\x7c\x79\x0f\x8b\x20\x21\x8e\x33\x16\x2d\x25\x52\xa8\xfc\xa9\x81\x59\xa3\xc4\xcd\x6e\xa1\x3d\x63\x0e\x51\xf9\x04\xf5\x8d\xb8\x0d\x7a\xc6\x9e\x16\x0f\xf0\x58\xa6\x5c\xfd\xab\x35\xff\xee\xa3\x0b\x9d\x78\x8a\xf3\xa5\xd1\x5a\xfd\x98\x82\xba\x55\x96\x39\x61\xd7\xa2\xcc\xdf\x11\x4e\xd1\xd5\x31\xb4\x96\x16\x09\x78\x1c\xc7\x0b\x09\xfe\x7a\x9a\x12\xe2\x4f\x94\x09\x05\xa6\xd1\x88\x8f\xf8\xa0\xfc\x89\x8c\x6d\x80\x92\x93\x9f\x8b\xbb\xc5\x72\x7c\x73\x3f\x1a\x5f\x5d\xde\x5e\x2f\xef\xe7\xe3\xaf\x93\xc5\x72\x7e\xf7\x7c\x62\x98\xe2\x29\x98\xd3\x4c\xf8\xde\x03\x49\x5c\x99\xa8\xff\xe9\xa0\x3f\x38\xeb\x0f\x42\x8b\xb3\x5c\xca\x19\x4a\xc1\x77\x94\x4c\xd6\x53\x74\x33\x03\x16
\x8a\x36\x5b\xfe\x82\x51\xa8\x01\xc1\x53\xc6\x41\x90\x19\x64\x68\x76\x94\x0c\xfe\x7a\x76\x23\x82\xbe\xf0\xef\x1c\xec\xe1\x6a\xae\x73\x4a\x06\x67\x67\x59\xa7\x8d\xc0\x04\x33\x1b\x4b\xc9\x3f\x48\x14\xfb\x06\x10\xfd\x99\x44\x01\x07\xd7\x8d\x38\x22\xff\x6c\x54\xb6\x28\xf3\x0c\x6e\x7c\xf5\x06\xa9\x52\x43\xeb\xfb\x7f\x5c\x2e\x6a\xf9\xcf\xfc\xfa\x19\x73\x29\x0d\x58\x3e\x88\x85\x25\xbe\x9e\x29\xf1\x63\xd5\xb1\xe1\xa2\x1d\xc4\xef\xb4\x5f\x75\x91\x5f\xbb\xf1\xfd\x27\x08\xa7\xc9\x9e\x19\x1a\x47\x49\xab\x81\xd6\x5d\x25\xdc\xbe\x36\xe8\x90\xa3\xa4\xe4\x76\x34\x7b\xaf\x9d\xd8\x71\xdd\x69\x6b\x39\x7c\xc5\x56\xd0\xd6\x6b\x6b\x19\x38\x23\x78\xf7\xce\xda\xd6\x8a\x89\xc6\x53\x37\x2a\x07\x4f\xae\x9d\x41\x4c\x4a\x7c\x9c\x19\xb1\x15\x12\x36\x30\xb6\x9c\xc9\x82\x8e\xa9\x1f\x39\x6c\x1b\x75\xce\x34\x5b\x09\x29\x9c\x80\x83\x1c\x64\x49\x12\x7e\x88\xc9\x74\xbc\xbc\xff\x32\x99\x8e\xee\x17\xe3\xf9\x8f\xc9\x70\x1c\x88\x13\x83\xfa\x50\x81\x49\xd9\x71\x70\x73\x44\x77\x25\x24\x54\xb3\x6d\x78\x8c\x52\x6c\x41\x81\xb5\x33\x83\x2b\x68\xdb\x4b\x9d\xd3\x5f\xc1\x85\x2e\x74\x99\x2f\x07\x03\x24\xa9\xd2\x81\x92\x8b\xb3\x8b\xb3\xe0\xb3\xe5\x29\x78\x90\xbf\x2d\x97\xb3\x96\x40\x28\xe1\x04\x93\x23\x90\x6c\xb7\x00\x8e\x2a\xb1\x34\x1c\xe0\x34\x18\x81\x49\x23\x1b\xb4\x65\x4e\x64\x80\xb9\xdb\x0b\x5b\x32\x9b\x73\x0e\xd6\x2e\x53\x03\x36\x45\x99\x84\xd2\x35\x13\x32\x37\xd0\x92\x9e\x07\x63\xb0\x78\x37\x14\xe1\xf0\xdc\x42\x62\x70\x31\xf8\x30\x12\xaf\x00\xf1\x97\x3f\x18\x87\x44\xd9\x9a\x81\x47\xe5\xb5\xab\x12\x94\x04\xf2\x0e\x02\xe3\xf5\xc5\x26\xc4\xad\xbb\xa1\x14\x50\x38\xc8\xec\x61\x4a\x17\x03\x41\xcd\xaa\x07\x7d\xac\x3c\x82\x4e\x61\xa5\xd8\xdc\x16\x3a\x35\x8f\xa5\x6f\xe4\xce\xb7\x84\x16\x1f\x11\xa9\x9f\x56\x3c\x2b\x30\x59\xd5\xe0\x8b\x77\xc2\xea\x92\xd9\x31\x98\xb7\x3a\xf6\x8b\x93\xf9\xd1\x1d\x7d\x7f\xb3\xf1\x13\x47\x99\x9f\x91\xe7\xc2\xa8\x43\x6c\xb9\x61\xfa\xc5\xbb\xfa\x1b\x06\xfd\x7a\x8e\xad\xe6\xd6\x96\xa5\xb7\x5e\x09\xc2\x49\xbd\xcb\x67\xe5\x63\x32\xa3\xed\x4b\xea\x74\xf1\x7c\xd2\x16\xda\x03\xe9\xfd\xf5\x64\xb1\x2c
\x96\x34\xcd\x2b\x3e\x68\x4d\xba\xdd\x73\x0e\x3b\x54\xdc\xd1\x7f\x5e\x50\x28\x1b\x47\xdc\xd1\x62\x74\xd8\x89\x0e\x55\x84\xbe\x62\x99\x90\xbb\xba\x08\xc3\x00\x26\xb3\xab\xcb\x9b\xc9\xf5\xdd\xec\xfb\xf5\x64\x78\xf7\x7c\xd2\xfb\x5f\x00\x00\x00\xff\xff\x36\x35\x9b\xa2\xa7\x13\x00\x00") func corednsYamlBytes() ([]byte, error) { return bindataRead( 
@@ -251,7 +251,7 @@ func metricsServerMetricsServerDeploymentYaml() (*asset, error) { return a, nil } -var _metricsServerMetricsServerServiceYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x8e\x3f\x4b\x04\x31\x10\xc5\xfb\x7c\x8a\x61\xfb\x28\xe2\x15\x92\xd6\x5a\x38\x50\xec\xe7\x72\x0f\x0d\x97\x4d\xc2\xcc\xec\x82\xdf\x5e\x76\xf6\x9a\x83\xed\x92\x37\xef\xcf\x2f\xc6\x18\x78\x94\x6f\x88\x96\xde\x12\xad\x2f\xe1\x56\xda\x35\xd1\x27\x64\x2d\x19\x61\x86\xf1\x95\x8d\x53\x20\x6a\x3c\x23\xd1\x0c\x93\x92\x35\x2a\x64\x85\xdc\x65\x1d\x9c\x91\xe8\xb6\x5c\x10\xf5\x4f\x0d\x73\x20\xaa\x7c\x41\xd5\x2d\x49\x7e\x91\x06\x83\x3e\x95\xfe\xbc\x37\x4d\x1f\x0f\x55\xd3\x81\x31\xd7\x45\x0d\xe2\x8e\xb2\x2d\x4c\x26\x0b\xa6\xa0\x03\x79\x2b\x56\x54\x64\xeb\x72\x1f\x79\xd3\xc8\x63\x1c\x30\x8e\x2e\xe6\x24\xd1\x9f\x89\x4e\xa7\x57\x8f\xec\x24\xbf\x66\x43\xfd\x3f\xa4\x5b\xcf\xbd\x26\xfa\x7a\x3f\xbb\x62\x2c\x3f\xb0\xb3\xa7\x76\xdf\x7f\x00\x00\x00\xff\xff\x7e\x3b\x1f\x83\x35\x01\x00\x00") +var _metricsServerMetricsServerServiceYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x8e\x3f\x4b\x04\x31\x10\xc5\xfb\x7c\x8a\x61\xfb\x28\xe2\x15\x92\x56\xb1\x13\x16\x4e\xec\xe7\x72\x4f\x0d\x9b\x6c\xc2\xcc\xec\xc2\x7e\x7b\xd9\xdc\x59\x1c\x5c\x97\xbc\x79\x7f\x7e\xde\x7b\xc7\x2d\x7d\x41\x34\xd5\x39\xd0\xfa\xe4\xa6\x34\x9f\x03\x1d\x21\x6b\x8a\x70\x05\xc6\x67\x36\x0e\x8e\x68\xe6\x82\x40\x05\x26\x29\xaa\x57\xc8\x0a\xb9\xca\xda\x38\x22\xd0\xb4\x9c\xe0\x75\x53\x43\x71\x44\x99\x4f\xc8\xba\x27\xa9\x5f\x64\x86\x41\x1f\x52\x7d\xbc\x34\x0d\x1f\x37\x55\xc3\x1d\x63\xcc\x8b\x1a\xa4\x3b\xd2\xbe\x30\x98\x2c\x18\x9c\x36\xc4\xbd\x58\x91\x11\xad\xca\x75\xe4\x45\x3d\xb7\x76\x87\xb1\x55\xb1\x4e\xe2\xfb\x33\xd0\xe1\xf0\xdc\x23\x17\x92\x5f\xb3\xa6\xfd\xdf\xa4\x5a\x8d\x35\x07\xfa\x7c\x1d\xbb\x62\x2c\x3f\xb0\xb1\xa7\xfe\x7d\xa9\xbd\x73\x49\x79\x1b\x6b\x4e\x71\x0b\x34\x0a\xbe\x21\x6f\x0b\xe7\xa3\x71\x9c\xdc\x5f\x00\x00\x00\xff\xff\x7b\xf5\x71\x2a\x57\x01\x00\x00") func metricsServerMetricsServerServiceYamlBytes() ([]byte, 
error) { return bindataRead( diff --git a/pkg/server/server.go b/pkg/server/server.go index c34e05213fc0..7614187a127b 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -272,8 +272,16 @@ func stageFiles(ctx context.Context, sc *Context, controlConfig *config.Control) return err } dataDir = filepath.Join(controlConfig.DataDir, "manifests") + + dnsIPFamilyPolicy := "PreferDualStack" + if len(controlConfig.ClusterDNSs) == 1 { + dnsIPFamilyPolicy = "SingleStack" + } + templateVars := map[string]string{ "%{CLUSTER_DNS}%": controlConfig.ClusterDNS.String(), + "%{CLUSTER_DNS_LIST}%": fmt.Sprintf("[%s]", util.JoinIPs(controlConfig.ClusterDNSs)), + "%{CLUSTER_DNS_IPFAMILYPOLICY}%": dnsIPFamilyPolicy, "%{CLUSTER_DOMAIN}%": controlConfig.ClusterDomain, "%{DEFAULT_LOCAL_STORAGE_PATH}%": controlConfig.DefaultLocalStoragePath, "%{SYSTEM_DEFAULT_REGISTRY}%": registryTemplate(controlConfig.SystemDefaultRegistry), From dbb6280d70023221b8e583c6fddf6d6dcce45d8a Mon Sep 17 00:00:00 2001 From: Manuel Buil Date: Thu, 21 Sep 2023 15:39:05 +0200 Subject: [PATCH 2/2] Take IPFamily precedence based on order Signed-off-by: Manuel Buil --- pkg/agent/config/config.go | 10 ++-- pkg/agent/flannel/setup.go | 3 +- pkg/agent/run.go | 7 ++- pkg/cli/server/server.go | 44 ++++-------------- pkg/cluster/cluster.go | 5 +- pkg/daemons/config/types.go | 3 +- pkg/util/net.go | 93 +++++++++++-------------------------- 7 files changed, 52 insertions(+), 113 deletions(-) diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index 0798642c06e1..8e4683212bc1 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go 
@@ -557,22 +557,18 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N nodeConfig.Certificate = servingCert nodeConfig.AgentConfig.NodeIPs = nodeIPs - nodeIP, listenAddress, _, err := util.GetFirstIP(nodeIPs) + listenAddress, _, _, err := util.GetDefaultAddresses(nodeIPs[0]) if err != nil { return nil, errors.Wrap(err, "cannot configure IPv4/IPv6 node-ip") } - nodeConfig.AgentConfig.NodeIP = nodeIP.String() + nodeConfig.AgentConfig.NodeIP = nodeIPs[0].String() nodeConfig.AgentConfig.ListenAddress = listenAddress nodeConfig.AgentConfig.NodeExternalIPs = nodeExternalIPs // if configured, set NodeExternalIP to the first IPv4 address, for legacy clients // unless only IPv6 address given if len(nodeConfig.AgentConfig.NodeExternalIPs) > 0 { - nodeExternalIP, _, _, err := util.GetFirstIP(nodeConfig.AgentConfig.NodeExternalIPs) - if err != nil { - return nil, errors.Wrap(err, "cannot configure IPv4/IPv6 node-external-ip") - } - nodeConfig.AgentConfig.NodeExternalIP = nodeExternalIP.String() + nodeConfig.AgentConfig.NodeExternalIP = nodeConfig.AgentConfig.NodeExternalIPs[0].String() } nodeConfig.NoFlannel = nodeConfig.FlannelBackend == config.FlannelBackendNone diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go index 2a5db3f4a2a2..479f6d604f48 100644 --- a/pkg/agent/flannel/setup.go +++ b/pkg/agent/flannel/setup.go 
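Review bot: `nodeIPs[0]` is indexed without a length check, where the replaced `util.GetFirstIP(nodeIPs)` returned an error for an empty or all-nil list, so an empty slice now panics instead of producing the "cannot configure IPv4/IPv6 node-ip" error. The same pattern recurs in later hunks of this patch: `nodeIPs[0]`, `ClusterIPRanges[0]`, `ServiceIPRanges[0]` and `ClusterDNSs[0]` in pkg/cli/server/server.go, and `c.config.ServiceIPRanges[0]` in pkg/cluster/cluster.go. If the callers guarantee non-empty slices this is fine, but that is not visible here; otherwise a guard such as `if len(nodeIPs) == 0 { return nil, errors.New("no node-ip available") }` before the call keeps the old failure mode. The comment above the `NodeExternalIPs` block still says the first IPv4 address is chosen, which no longer matches `NodeExternalIPs[0]`. `get` starts and ends outside the hunk.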
@@ -188,12 +188,13 @@ func createFlannelConf(nodeConfig *config.Node) error { confJSON = strings.ReplaceAll(confJSON, "%IPV6_ENABLED%", "false") confJSON = strings.ReplaceAll(confJSON, "%CIDR_IPV6%", emptyIPv6Network) } else if netMode == (ipv4 + ipv6) { - confJSON = strings.ReplaceAll(confJSON, "%CIDR%", nodeConfig.AgentConfig.ClusterCIDR.String()) confJSON = strings.ReplaceAll(confJSON, "%IPV6_ENABLED%", "true") for _, cidr := range nodeConfig.AgentConfig.ClusterCIDRs { if utilsnet.IsIPv6(cidr.IP) { // Only one ipv6 range available. This might change in future: https://github.com/kubernetes/enhancements/issues/2593 confJSON = strings.ReplaceAll(confJSON, "%CIDR_IPV6%", cidr.String()) + } else { + confJSON = strings.ReplaceAll(confJSON, "%CIDR%", cidr.String()) } } } else { diff --git a/pkg/agent/run.go b/pkg/agent/run.go index 250ba947babf..216d7af547b9 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go 
@@ -69,12 +69,17 @@ func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error { serviceIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ServiceCIDR) clusterIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ClusterCIDR) nodeIPv6 := utilsnet.IsIPv6String(nodeConfig.AgentConfig.NodeIP) + + // check that cluster-cidr and service-cidr have the same IP versions if (serviceIPv6 != clusterIPv6) || (dualCluster != dualService) || (serviceIPv4 != clusterIPv4) { return fmt.Errorf("cluster-cidr: %v and service-cidr: %v, must share the same IP version (IPv4, IPv6 or dual-stack)", nodeConfig.AgentConfig.ClusterCIDRs, nodeConfig.AgentConfig.ServiceCIDRs) } - if (clusterIPv6 && !nodeIPv6) || (dualCluster && !dualNode) || (clusterIPv4 && !nodeIPv4) { + + // check that node-ip has the IP versions set in cluster-cidr + if (clusterIPv6 && !(nodeIPv6 || dualNode)) || (dualCluster && !dualNode) || (clusterIPv4 && !(nodeIPv4 || dualNode)) { return fmt.Errorf("cluster-cidr: %v and node-ip: %v, must share the same IP version (IPv4, IPv6 or dual-stack)", nodeConfig.AgentConfig.ClusterCIDRs, nodeConfig.AgentConfig.NodeIPs) } + enableIPv6 := dualCluster || clusterIPv6 enableIPv4 := dualCluster || clusterIPv4 diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index af8bec891cbb..e638af5a448a 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go 
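Review bot: The relaxed node-ip check accepts a dual-stack node-ip list for a single-stack cluster in either order, but `nodeConfig.AgentConfig.NodeIP` is now simply `nodeIPs[0]` (config.go hunk of this patch). The primary node address and the listen address derived from it can therefore end up in the family the cluster does not use, for example an IPv4-first list with an IPv6-only cluster-cidr. Nothing in the visible lines re-selects the address that matches the cluster family. If that is intended, a comment next to the condition should say so; otherwise pick the first node IP of the cluster's family after this check. `run` extends beyond the hunk, so a later correction may exist that is not shown.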
@@ -298,14 +298,10 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont serverConfig.ControlConfig.SANs = append(serverConfig.ControlConfig.SANs, serverConfig.ControlConfig.AdvertiseIP) } - // configure ClusterIPRanges - _, _, IPv6only, _ := util.GetFirstIP(nodeIPs) + // configure ClusterIPRanges. Use default 10.42.0.0/16 or fd00:42::/56 if user did not set it + _, defaultClusterCIDR, defaultServiceCIDR, _ := util.GetDefaultAddresses(nodeIPs[0]) if len(cmds.ServerConfig.ClusterCIDR) == 0 { - clusterCIDR := "10.42.0.0/16" - if IPv6only { - clusterCIDR = "fd00:42::/56" - } - cmds.ServerConfig.ClusterCIDR.Set(clusterCIDR) + cmds.ServerConfig.ClusterCIDR.Set(defaultClusterCIDR) } for _, cidr := range util.SplitStringSlice(cmds.ServerConfig.ClusterCIDR) { _, parsed, err := net.ParseCIDR(cidr) 
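Review bot: The error from `util.GetDefaultAddresses(nodeIPs[0])` is discarded with `_`, so when the first node IP is neither IPv4 nor IPv6 both defaults are empty strings and are passed to `cmds.ServerConfig.ClusterCIDR.Set` and, in the next hunk, `ServiceCIDR.Set`. The failure then surfaces, if at all, as a CIDR parse error that does not mention node-ip. Handling it at the call keeps the cause visible: `if err != nil { return errors.Wrap(err, "cannot determine default cluster-cidr and service-cidr") }`. The call also runs when the user supplied both CIDRs, in which case its result is unused. `run` starts and ends outside the hunk.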
@@ -315,21 +311,12 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont serverConfig.ControlConfig.ClusterIPRanges = append(serverConfig.ControlConfig.ClusterIPRanges, parsed) } - // set ClusterIPRange to the first IPv4 block, for legacy clients - // unless only IPv6 range given - clusterIPRange, err := util.GetFirstNet(serverConfig.ControlConfig.ClusterIPRanges) - if err != nil { - return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-cidr") - } - serverConfig.ControlConfig.ClusterIPRange = clusterIPRange + // set ClusterIPRange to the first address (first defined IPFamily is preferred) + serverConfig.ControlConfig.ClusterIPRange = serverConfig.ControlConfig.ClusterIPRanges[0] - // configure ServiceIPRanges + // configure ServiceIPRanges. Use default 10.43.0.0/16 or fd00:43::/112 if user did not set it if len(cmds.ServerConfig.ServiceCIDR) == 0 { - serviceCIDR := "10.43.0.0/16" - if IPv6only { - serviceCIDR = "fd00:43::/112" - } - cmds.ServerConfig.ServiceCIDR.Set(serviceCIDR) + cmds.ServerConfig.ServiceCIDR.Set(defaultServiceCIDR) } for _, cidr := range util.SplitStringSlice(cmds.ServerConfig.ServiceCIDR) { _, parsed, err := net.ParseCIDR(cidr) 
@@ -339,13 +326,8 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont serverConfig.ControlConfig.ServiceIPRanges = append(serverConfig.ControlConfig.ServiceIPRanges, parsed) } - // set ServiceIPRange to the first IPv4 block, for legacy clients - // unless only IPv6 range given - serviceIPRange, err := util.GetFirstNet(serverConfig.ControlConfig.ServiceIPRanges) - if err != nil { - return errors.Wrap(err, "cannot configure IPv4/IPv6 service-cidr") - } - serverConfig.ControlConfig.ServiceIPRange = serviceIPRange + // set ServiceIPRange to the first address (first defined IPFamily is preferred) + serverConfig.ControlConfig.ServiceIPRange = serverConfig.ControlConfig.ServiceIPRanges[0] serverConfig.ControlConfig.ServiceNodePortRange, err = utilnet.ParsePortRange(cfg.ServiceNodePortRange) if err != nil { @@ -381,13 +363,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont } } - // Set ClusterDNS to the first IPv4 address, for legacy clients - // unless only IPv6 range given - clusterDNS, _, _, err := util.GetFirstIP(serverConfig.ControlConfig.ClusterDNSs) - if err != nil { - return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-dns address") - } - serverConfig.ControlConfig.ClusterDNS = clusterDNS + serverConfig.ControlConfig.ClusterDNS = serverConfig.ControlConfig.ClusterDNSs[0] if err := validateNetworkConfiguration(serverConfig); err != nil { return err diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 0ed707ebf1eb..7e3ecf268695 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -10,10 +10,10 @@ import ( "github.com/k3s-io/k3s/pkg/cluster/managed" "github.com/k3s-io/k3s/pkg/daemons/config" "github.com/k3s-io/k3s/pkg/etcd" - "github.com/k3s-io/k3s/pkg/util" "github.com/k3s-io/kine/pkg/endpoint" "github.com/pkg/errors" "github.com/sirupsen/logrus" + utilsnet "k8s.io/utils/net" ) type Cluster struct { 
@@ -54,8 +54,7 @@ func (c *Cluster) Start(ctx context.Context) (<-chan struct{}, error) { clientURL.Host = clientURL.Hostname() + ":2379" clientURLs = append(clientURLs, clientURL.String()) } - IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(c.config.ServiceIPRanges) - etcdProxy, err := etcd.NewETCDProxy(ctx, true, c.config.DataDir, clientURLs[0], IPv6OnlyService) + etcdProxy, err := etcd.NewETCDProxy(ctx, true, c.config.DataDir, clientURLs[0], utilsnet.IsIPv6CIDR(c.config.ServiceIPRanges[0])) if err != nil { return nil, err } diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go index 8391a0ae1a0a..22dba3ed4a85 100644 --- a/pkg/daemons/config/types.go +++ b/pkg/daemons/config/types.go @@ -10,7 +10,6 @@ import ( "sync" "time" - "github.com/k3s-io/k3s/pkg/util" "github.com/k3s-io/kine/pkg/endpoint" "github.com/rancher/wrangler/pkg/generated/controllers/core" "github.com/rancher/wrangler/pkg/leader" @@ -251,7 +250,7 @@ func (c *Control) BindAddressOrLoopback(chooseHostInterface, urlSafe bool) strin // service CIDRs indicate an IPv4/Dual-Stack or IPv6 only cluster. If the urlSafe // parameter is true, IPv6 addresses are enclosed in square brackets, as per RFC2732. func (c *Control) Loopback(urlSafe bool) string { - if IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(c.ServiceIPRanges); IPv6OnlyService { + if utilsnet.IsIPv6CIDR(c.ServiceIPRange) { if urlSafe { return "[::1]" } diff --git a/pkg/util/net.go b/pkg/util/net.go index 244b3f64b866..7bc9f2ec4d79 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go 
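Review bot: `Loopback` in pkg/daemons/config/types.go now returns the IPv6 loopback whenever the first service CIDR is IPv6, including dual-stack clusters that list IPv6 first, but the doc comment kept as context still describes the choice as "IPv4/Dual-Stack or IPv6 only". The comment should state the new rule, e.g. `// Loopback returns the IPv6 loopback when the primary (first) service CIDR is IPv6, otherwise the IPv4 loopback.` The same first-entry test replaces `IsIPv6OnlyCIDRs` in `Cluster.Start` in pkg/cluster/cluster.go, so on such dual-stack clusters components previously reached over 127.0.0.1 will now be addressed over ::1; it is worth confirming they listen there. Both functions continue outside their hunks.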
@@ -31,9 +31,9 @@ func JoinIPNets(elems []*net.IPNet) string { return strings.Join(strs, ",") } -// GetFirst4Net returns the first IPv4 network from the list of IP networks. +// getFirst4Net returns the first IPv4 network from the list of IP networks. // If no IPv4 addresses are found, an error is raised. -func GetFirst4Net(elems []*net.IPNet) (*net.IPNet, error) { +func getFirst4Net(elems []*net.IPNet) (*net.IPNet, error) { for _, elem := range elems { if elem == nil || elem.IP.To4() == nil { continue @@ -43,9 +43,9 @@ func GetFirst4Net(elems []*net.IPNet) (*net.IPNet, error) { return nil, errors.New("no IPv4 CIDRs found") } -// GetFirst4 returns the first IPv4 address from the list of IP addresses. +// getFirst4 returns the first IPv4 address from the list of IP addresses. // If no IPv4 addresses are found, an error is raised. -func GetFirst4(elems []net.IP) (net.IP, error) { +func getFirst4(elems []net.IP) (net.IP, error) { for _, elem := range elems { if elem == nil || elem.To4() == nil { continue @@ -64,7 +64,7 @@ func GetFirst4String(elems []string) (string, error) { ips = append(ips, net.ParseIP(v)) } } - ip, err := GetFirst4(ips) + ip, err := getFirst4(ips) if err != nil { return "", err } @@ -82,9 +82,9 @@ func JoinIP4Nets(elems []*net.IPNet) string { return strings.Join(strs, ",") } -// GetFirst6 returns the first IPv6 address from the list of IP addresses. +// getFirst6 returns the first IPv6 address from the list of IP addresses. // If no IPv6 addresses are found, an error is raised. -func GetFirst6(elems []net.IP) (net.IP, error) { +func getFirst6(elems []net.IP) (net.IP, error) { for _, elem := range elems { if elem != nil && netutils.IsIPv6(elem) { return elem, nil 
@@ -93,9 +93,9 @@ func GetFirst6(elems []net.IP) (net.IP, error) { return nil, errors.New("no IPv6 address found") } -// GetFirst6Net returns the first IPv4 network from the list of IP networks. +// getFirst6Net returns the first IPv4 network from the list of IP networks. // If no IPv6 addresses are found, an error is raised. -func GetFirst6Net(elems []*net.IPNet) (*net.IPNet, error) { +func getFirst6Net(elems []*net.IPNet) (*net.IPNet, error) { for _, elem := range elems { if elem != nil && netutils.IsIPv6(elem.IP) { return elem, nil @@ -113,7 +113,7 @@ func GetFirst6String(elems []string) (string, error) { ips = append(ips, net.ParseIP(v)) } } - ip, err := GetFirst6(ips) + ip, err := getFirst6(ips) if err != nil { return "", err } @@ -133,7 +133,7 @@ func JoinIP6Nets(elems []*net.IPNet) string { // GetHostnameAndIPs takes a node name and list of IPs, usually from CLI args. // If set, these are used to return the node's name and addresses. If not set, -// the system hostname and primary interface address are returned instead. +// the system hostname and primary interface addresses are returned instead. func GetHostnameAndIPs(name string, nodeIPs cli.StringSlice) (string, []net.IP, error) { ips := []net.IP{} if len(nodeIPs) == 0 { 
@@ -202,37 +202,26 @@ func GetFirstValidIPString(s cli.StringSlice) string { return "" } -// GetFirstIP returns the first IPv4 address from the list of IP addresses. -// If no IPv4 addresses are found, returns the first IPv6 address -// if neither of IPv4 or IPv6 are found an error is raised. -// Additionally matching listen address and IP version is returned. -func GetFirstIP(nodeIPs []net.IP) (net.IP, string, bool, error) { - nodeIP, err := GetFirst4(nodeIPs) - ListenAddress := "0.0.0.0" - IPv6only := false - if err != nil { - nodeIP, err = GetFirst6(nodeIPs) - if err != nil { - return nil, "", false, err - } - ListenAddress = "::" - IPv6only = true +// GetFirstIP checks what is the IPFamily of the first item. Based on that, returns a set of values +func GetDefaultAddresses(nodeIP net.IP) (string, string, string, error) { + + if netutils.IsIPv4(nodeIP) { + ListenAddress := "0.0.0.0" + clusterCIDR := "10.42.0.0/16" + serviceCIDR := "10.43.0.0/16" + + return ListenAddress, clusterCIDR, serviceCIDR, nil } - return nodeIP, ListenAddress, IPv6only, nil -} -// GetFirstNet returns the first IPv4 network from the list of IP networks. -// If no IPv4 addresses are found, returns the first IPv6 address -// if neither of IPv4 or IPv6 are found an error is raised. -func GetFirstNet(elems []*net.IPNet) (*net.IPNet, error) { - serviceIPRange, err := GetFirst4Net(elems) - if err != nil { - serviceIPRange, err = GetFirst6Net(elems) - if err != nil { - return nil, err - } + if netutils.IsIPv6(nodeIP) { + ListenAddress := "::" + clusterCIDR := "fd00:42::/56" + serviceCIDR := "fd00:43::/112" + + return ListenAddress, clusterCIDR, serviceCIDR, nil } - return serviceIPRange, nil + + return "", "", "", fmt.Errorf("ip: %v is not ipv4 or ipv6", nodeIP) } // GetFirstString returns the first IP4 address from a list of IP address strings. 
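Review bot: The doc comment on `GetDefaultAddresses` still opens with the old name `GetFirstIP` and does not say what the three returned strings are. Suggest `// GetDefaultAddresses returns the listen address, default cluster CIDR and default service CIDR matching the IP family of nodeIP, or an error if nodeIP is neither IPv4 nor IPv6.` With `GetFirstNet` removed in this hunk, `getFirst4Net` and `getFirst6Net` (unexported in the earlier hunks of this file) appear to have no remaining caller in the patch and may be dead code; the `getFirst6Net` comment also still says "IPv4 network". The local `ListenAddress` would conventionally be lower-case (`listenAddress`).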
@@ -251,32 +240,6 @@ func GetFirstString(elems []string) (string, bool, error) { return ip, IPv6only, nil } -// IsIPv6OnlyCIDRs returns if -// - all are valid cidrs -// - at least one cidr from v6 family is found -// - v4 family cidr is not found -func IsIPv6OnlyCIDRs(cidrs []*net.IPNet) (bool, error) { - v4Found := false - v6Found := false - for _, cidr := range cidrs { - if cidr == nil { - return false, fmt.Errorf("cidr %v is invalid", cidr) - } - - if v4Found && v6Found { - continue - } - - if cidr.IP != nil && cidr.IP.To4() == nil { - v6Found = true - continue - } - v4Found = true - } - - return !v4Found && v6Found, nil -} - // IPToIPNet converts an IP to an IPNet, using a fully filled mask appropriate for the address family. func IPToIPNet(ip net.IP) (*net.IPNet, error) { address := ip.String()