From af2aeddeb9bc3066c3940e9cd7546a1cd6b1095e Mon Sep 17 00:00:00 2001 From: Pablo Acevedo Montserrat Date: Tue, 9 Jul 2024 15:04:24 +0200 Subject: [PATCH 1/3] USHIFT-3479: Add IPFamily to render variables --- pkg/components/render.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkg/components/render.go b/pkg/components/render.go index 675e47608f..f6807fb7f7 100755 --- a/pkg/components/render.go +++ b/pkg/components/render.go @@ -8,6 +8,8 @@ import ( "strings" "text/template" + "k8s.io/kubernetes/pkg/apis/core" + "github.com/openshift/microshift/pkg/assets" "github.com/openshift/microshift/pkg/config" "github.com/openshift/microshift/pkg/release" @@ -28,9 +30,16 @@ func renderParamsFromConfig(cfg *config.Config, extra assets.RenderParams) asset "ClusterDNS": cfg.Network.DNS, "BaseDomain": cfg.DNS.BaseDomain, } + ipFamily := core.IPFamilyPolicySingleStack + if cfg.IsIPv4() && cfg.IsIPv6() { + ipFamily = core.IPFamilyPolicyPreferDualStack + } + params["IPFamily"] = ipFamily + for k, v := range extra { params[k] = v } + return params } From 7d98be749af796c3e99b91a155bf957492a05e27 Mon Sep 17 00:00:00 2001 From: Pablo Acevedo Montserrat Date: Tue, 9 Jul 2024 16:51:23 +0200 Subject: [PATCH 2/3] USHIFT-3479: Add ipFamilyPolicy to router services Force ipFamilyPolicy to PreferDualStack if ipv4+ipv6 is configured. According to https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services existing services are not migrated and an application may need to use the router in ipv6 mode. --- assets/components/openshift-router/service-cloud.yaml | 1 + assets/components/openshift-router/service-internal.yaml | 1 + scripts/auto-rebase/rebase.sh | 2 ++ 3 files changed, 4 insertions(+) diff --git a/assets/components/openshift-router/service-cloud.yaml b/assets/components/openshift-router/service-cloud.yaml index 98e78656ab..d4be80e3b8 100644 --- a/assets/components/openshift-router/service-cloud.yaml +++ b/assets/components/openshift-router/service-cloud.yaml @@ -17,6 +17,7 @@ spec: # router pods are present on a node behind the service. externalTrafficPolicy: Local internalTrafficPolicy: Cluster + ipFamilyPolicy: '{{.IPFamily}}' ports: - name: http protocol: TCP diff --git a/assets/components/openshift-router/service-internal.yaml b/assets/components/openshift-router/service-internal.yaml index 007291a0f8..fdf75368b7 100644 --- a/assets/components/openshift-router/service-internal.yaml +++ b/assets/components/openshift-router/service-internal.yaml @@ -5,6 +5,7 @@ apiVersion: v1 spec: type: ClusterIP internalTrafficPolicy: Cluster + ipFamilyPolicy: '{{.IPFamily}}' ports: - name: http port: 80 diff --git a/scripts/auto-rebase/rebase.sh b/scripts/auto-rebase/rebase.sh index df6847b80f..cff00a4a99 100755 --- a/scripts/auto-rebase/rebase.sh +++ b/scripts/auto-rebase/rebase.sh @@ -718,6 +718,7 @@ EOF yq -i '.metadata.labels += {"ingresscontroller.operator.openshift.io/owning-ingresscontroller": "default"}' "${REPOROOT}"/assets/components/openshift-router/service-internal.yaml yq -i '.metadata += {"name": "router-internal-default", "namespace": "openshift-ingress"}' "${REPOROOT}"/assets/components/openshift-router/service-internal.yaml yq -i '.spec.selector = {"ingresscontroller.operator.openshift.io/deployment-ingresscontroller": "default"}' "${REPOROOT}"/assets/components/openshift-router/service-internal.yaml + yq -i '.spec.ipFamilyPolicy = "{{.IPFamily}}"' "${REPOROOT}"/assets/components/openshift-router/service-internal.yaml sed -i '/#.*set at runtime/d' "${REPOROOT}"/assets/components/openshift-router/service-internal.yaml # MicroShift-specific changes @@ -731,6 +732,7 @@ EOF yq -i '.metadata += {"name": "router-default", "namespace": "openshift-ingress"}' "${REPOROOT}"/assets/components/openshift-router/service-cloud.yaml yq -i '.spec.selector = {"ingresscontroller.operator.openshift.io/deployment-ingresscontroller": "default"}' "${REPOROOT}"/assets/components/openshift-router/service-cloud.yaml yq -i '.metadata.labels += {"ingresscontroller.operator.openshift.io/owning-ingresscontroller": "default"}' "${REPOROOT}"/assets/components/openshift-router/service-cloud.yaml + yq -i '.spec.ipFamilyPolicy = "{{.IPFamily}}"' "${REPOROOT}"/assets/components/openshift-router/service-cloud.yaml # Must use sed instead of yq because unquoted {{ .RouterHttpPort }} is interpreted as yaml object and yq has no option to not interpret it (like provide is as quoted string but produce unquoted output). # It needs to be last manipulation of the file, otherwise yq commands after this one would expand the {{ .RouterHttpPort }}. sed -i 's/port: 80/port: {{ .RouterHttpPort }}/g; s/port: 443/port: {{ .RouterHttpsPort }}/g' "${REPOROOT}"/assets/components/openshift-router/service-cloud.yaml From 295387b62c9bcd0ca069e71e5994658d8cd78d10 Mon Sep 17 00:00:00 2001 From: Pablo Acevedo Montserrat Date: Wed, 24 Jul 2024 15:12:54 +0200 Subject: [PATCH 3/3] USHIFT-3479: Add onvk restart on dual stack change Force ovnk master pod restart when there is an ip family change. This will allow reloading ovnk configmap and assign ipv6 addresses to newly created pods. --- assets/components/ovn/single-node/master/daemonset.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/assets/components/ovn/single-node/master/daemonset.yaml b/assets/components/ovn/single-node/master/daemonset.yaml index e2e47daa3d..2d698042a3 100644 --- a/assets/components/ovn/single-node/master/daemonset.yaml +++ b/assets/components/ovn/single-node/master/daemonset.yaml @@ -29,6 +29,7 @@ spec: type: infra openshift.io/component: network kubernetes.io/os: "linux" + microshift.io/ipfamilypolicy: '{{.IPFamily}}' spec: serviceAccountName: ovn-kubernetes-controller hostNetwork: true