Add support for ipv6 only cluster via "enable_ipv6only_stack_networks" (#11831)

2025-12-14 05:45:06 +03:00 · 2025-01-27 15:15:22 +03:00
parent e107022b4b
commit 76c0a3aa75
37 changed files with 216 additions and 104 deletions
--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -192,6 +192,6 @@
      - "calico_ipip_mode_ipv6 in ['Never']"
    msg: "Calico doesn't support ipip tunneling for the IPv6"
  when:
-    - enable_dual_stack_networks
+    - (enable_dual_stack_networks or enable_ipv6only_stack_networks)
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -107,7 +107,7 @@
  changed_when: false
  when:
    - inventory_hostname == groups['kube_control_plane'][0]
-    - enable_dual_stack_networks
+    - (enable_dual_stack_networks or enable_ipv6only_stack_networks)

 - name: Calico | Ensure that calico_pool_cidr_ipv6 is within kube_pods_subnet_ipv6 when defined
  assert:
@@ -117,7 +117,7 @@
    - inventory_hostname == groups['kube_control_plane'][0]
    - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
    - calico_pool_cidr_ipv6 is defined
-    - enable_dual_stack_networks
+    - (enable_dual_stack_networks or enable_ipv6only_stack_networks)

 - name: Calico | kdd specific configuration
  when:
@@ -256,7 +256,7 @@
 - name: Calico | Configure Calico IPv6 Pool
  when:
    - inventory_hostname == groups['kube_control_plane'][0]
-    - enable_dual_stack_networks | bool
+    - (enable_dual_stack_networks or enable_ipv6only_stack_networks) | bool
  block:
    - name: Calico | Get existing calico ipv6 network pool
      command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json"
@@ -350,7 +350,7 @@
              {% if not calico_no_global_as_num | default(false) %}"asNumber": {{ global_as_num }},{% endif %}
              "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled | default('true') }} ,
              {% if calico_advertise_cluster_ips | default(false) %}
-              "serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %}
+              "serviceClusterIPs": [{% for cidr in kube_service_addresses_range.split(",") %}{{ "," if not loop.first }}{"cidr": "{{ cidr }}"}{% endfor %}],{% endif %}
              {% if calico_advertise_service_loadbalancer_ips | length > 0  %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %}
              "serviceExternalIPs": {{ _service_external_ips | default([]) }}
            }
--- a/roles/network_plugin/calico/templates/calico-config.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-config.yml.j2
@@ -56,10 +56,14 @@ data:
            {% else %}
            "ipam": {
              "type": "calico-ipam",
-              {%   if enable_dual_stack_networks %}
+              {% if enable_ipv6only_stack_networks %}
+              "assign_ipv6": "true"
+              {% elif enable_dual_stack_networks %}
              "assign_ipv6": "true",
-              {%   endif %}
+              {% endif %}
+              {% if not enable_ipv6only_stack_networks %}
              "assign_ipv4": "true"
+              {% endif %}
            },
          {% endif %}
          {% if calico_allow_ip_forwarding %}
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -259,13 +259,15 @@ spec:
            # no effect. This should fall within `--cluster-cidr`.
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
+{% if not enable_ipv6only_stack_networks %}
            - name: CALICO_IPV4POOL_IPIP
              value: "{{ calico_ipv4pool_ipip }}"
+{% endif %}
            # Enable or Disable VXLAN on the default IP pool.
            - name: CALICO_IPV4POOL_VXLAN
              value: "Never"
            - name: FELIX_IPV6SUPPORT
-              value: "{{ enable_dual_stack_networks | default(false) }}"
+              value: "{{ (enable_dual_stack_networks or enable_ipv6only_stack_networks) | default(false) }}"
            # Set Felix logging to "info"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "{{ calico_loglevel }}"
@@ -308,20 +310,28 @@ spec:
            - name: IP_AUTODETECTION_METHOD
              value: "can-reach=$(NODEIP)"
 {% endif %}
-            - name: IP
-              value: "autodetect"
-{% if calico_ip6_auto_method is defined and enable_dual_stack_networks %}
+{% if calico_ip6_auto_method is defined and (enable_dual_stack_networks or enable_ipv6only_stack_networks) %}
            - name: IP6_AUTODETECTION_METHOD
              value: "{{ calico_ip6_auto_method }}"
 {% endif %}
+{% if enable_ipv6only_stack_networks %}
+            - name: IP6
+              value: "autodetect"
+            - name: IP
+              value: none
+{% elif enable_dual_stack_networks %}
+            - name: IP6
+              value: "autodetect"
+            - name: IP
+              value: "autodetect"
+{% else %}
+            - name: IP
+              value: "autodetect"
+{% endif %}
 {% if calico_felix_mtu_iface_pattern is defined %}
            - name: FELIX_MTUIFACEPATTERN
              value: "{{ calico_felix_mtu_iface_pattern }}"
 {% endif %}
-{% if enable_dual_stack_networks %}
-            - name: IP6
-              value: autodetect
-{% endif %}
 {% if calico_use_default_route_src_ipaddr | default(false) %}
            - name: FELIX_DEVICEROUTESOURCEADDRESS
              valueFrom:
--- a/roles/network_plugin/calico_defaults/defaults/main.yml
+++ b/roles/network_plugin/calico_defaults/defaults/main.yml
@@ -22,7 +22,7 @@ calico_pool_blocksize: 26

 # Calico doesn't support ipip tunneling for the IPv6.
 calico_ipip_mode_ipv6: Never
-calico_vxlan_mode_ipv6: Never
+calico_vxlan_mode_ipv6: Always

 # add default ipv6 ippool blockSize
 calico_pool_blocksize_ipv6: 122
--- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
+++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
@@ -30,12 +30,14 @@ data:
    }
  net-conf.json: |
    {
+{% if not enable_ipv6only_stack_networks %}
      "Network": "{{ kube_pods_subnet }}",
      "EnableIPv4": true,
-{%   if enable_dual_stack_networks %}
+{% endif %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
      "EnableIPv6": true,
      "IPv6Network": "{{ kube_pods_subnet_ipv6 }}",
-{%   endif %}
+{% endif %}
      "Backend": {
        "Type": "{{ flannel_backend_type }}"{% if flannel_backend_type == "vxlan" %},
        "VNI": {{ flannel_vxlan_vni }},
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@@ -240,14 +240,14 @@ spec:
          imagePullPolicy: {{ k8s_image_pull_policy }}
          args:
          - /kube-ovn/start-controller.sh
-          - --default-cidr={{ kube_pods_subnet }}{% if enable_dual_stack_networks %},{{ kube_ovn_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}{% endif %}{{ '' }}
+          - --default-cidr={{ kube_pods_subnet_range }}
          - --default-gateway={% if kube_ovn_default_gateway is defined %}{{ kube_ovn_default_gateway }}{% endif %}{{ '' }}
          - --default-gateway-check={{ kube_ovn_default_gateway_check | string }}
          - --default-logical-gateway={{ kube_ovn_default_logical_gateway | string }}
          - --default-u2o-interconnection={{ kube_ovn_u2o_interconnection }}
          - --default-exclude-ips={% if kube_ovn_default_exclude_ips is defined %}{{ kube_ovn_default_exclude_ips }}{% endif %}{{ '' }}
-          - --node-switch-cidr={{ kube_ovn_node_switch_cidr }}{% if enable_dual_stack_networks %},{{ kube_ovn_node_switch_cidr_ipv6 }}{% endif %}{{ '' }}
-          - --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{ '' }}
+          - --node-switch-cidr={{ [kube_ovn_node_switch_cidr if not enable_ipv6only_stack_networks, kube_ovn_node_switch_cidr_ipv6 if (enable_dual_stack_networks or enable_ipv6only_stack_networks)] | reject('match', '^$') | join(',') }}{{ '' }}
+          - --service-cluster-ip-range={{ kube_service_addresses_range }}
          - --network-type={{ kube_ovn_network_type }}
          - --default-interface-name={{ kube_ovn_default_interface_name | default('') }}
          - --default-vlan-id={{ kube_ovn_default_vlan_id }}
@@ -403,7 +403,7 @@ spec:
        args:
          - --enable-mirror={{ kube_ovn_traffic_mirror | lower }}
          - --encap-checksum={{ kube_ovn_encap_checksum | lower }}
-          - --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{ '' }}
+          - --service-cluster-ip-range={{ kube_service_addresses_range }}
          - --iface={{ kube_ovn_iface | default('') }}
          - --dpdk-tunnel-iface={{ kube_ovn_dpdk_tunnel_iface }}
          - --network-type={{ kube_ovn_network_type }}
@@ -588,7 +588,7 @@ spec:
          command:
          - /kube-ovn/kube-ovn-pinger
          args:
-          - --external-address={{ kube_ovn_external_address }}{% if enable_dual_stack_networks %},{{ kube_ovn_external_address_ipv6 }}{% endif %}{{ '' }}
+          - --external-address={{ [kube_ovn_external_address if not enable_ipv6only_stack_networks, kube_ovn_external_address_ipv6 if (enable_dual_stack_networks or enable_ipv6only_stack_networks)] | reject('match', '^$') | join(',') }}{{ '' }}
          - --external-dns={{ kube_ovn_external_dns }}
          - --logtostderr=false
          - --alsologtostderr=true
@@ -837,7 +837,7 @@ spec:
    - name: metrics
      port: 10661
  type: ClusterIP
-{% if enable_dual_stack_networks %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
  ipFamilyPolicy: PreferDualStack
 {% endif %}
  selector:
@@ -852,7 +852,7 @@ metadata:
  labels:
    app: kube-ovn-pinger
 spec:
-{% if enable_dual_stack_networks %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
  ipFamilyPolicy: PreferDualStack
 {% endif %}
  selector:
@@ -869,7 +869,7 @@ metadata:
  labels:
    app: kube-ovn-controller
 spec:
-{% if enable_dual_stack_networks %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
  ipFamilyPolicy: PreferDualStack
 {% endif %}
  selector:
@@ -886,7 +886,7 @@ metadata:
  labels:
    app: kube-ovn-cni
 spec:
-{% if enable_dual_stack_networks %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
  ipFamilyPolicy: PreferDualStack
 {% endif %}
  selector:
--- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
@@ -260,7 +260,7 @@ spec:
      port: 6641
      targetPort: 6641
  type: ClusterIP
-{% if enable_dual_stack_networks %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
  ipFamilyPolicy: PreferDualStack
 {% endif %}
  selector:
@@ -280,7 +280,7 @@ spec:
      port: 6642
      targetPort: 6642
  type: ClusterIP
-{% if enable_dual_stack_networks %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
  ipFamilyPolicy: PreferDualStack
 {% endif %}
  selector:
@@ -300,7 +300,7 @@ spec:
      port: 6643
      targetPort: 6643
  type: ClusterIP
-{% if enable_dual_stack_networks %}
+{% if enable_dual_stack_networks or enable_ipv6only_stack_networks %}
  ipFamilyPolicy: PreferDualStack
 {% endif %}
  selector: