From 1ffb4603cd461de6746f933c48787ae83ea590c6 Mon Sep 17 00:00:00 2001 From: Roberto Bonafiglia Date: Tue, 10 Oct 2023 12:34:54 +0200 Subject: [PATCH] Use IPv6 in case is the first configured IP with dualstack Signed-off-by: Roberto Bonafiglia --- pkg/agent/config/config.go | 2 +- pkg/agent/run.go | 2 +- pkg/cli/cmds/server.go | 2 +- pkg/daemons/agent/agent_linux.go | 20 ++++++++++++-------- tests/e2e/dualstack/Vagrantfile | 3 --- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index b0a2c8e0da..4d6246beb6 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -353,7 +353,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N // If the supervisor and externally-facing apiserver are not on the same port, tell the proxy where to find the apiserver. if controlConfig.SupervisorPort != controlConfig.HTTPSPort { - _, isIPv6, _ := util.GetFirstString([]string{envInfo.NodeIP.String()}) + isIPv6 := utilsnet.IsIPv6(net.ParseIP([]string{envInfo.NodeIP.String()}[0])) if err := proxy.SetAPIServerPort(ctx, controlConfig.HTTPSPort, isIPv6); err != nil { return nil, errors.Wrapf(err, "failed to setup access to API Server port %d on at %s", controlConfig.HTTPSPort, proxy.SupervisorURL()) } diff --git a/pkg/agent/run.go b/pkg/agent/run.go index 6962f16fc0..d8723b79f4 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -276,7 +276,7 @@ func createProxyAndValidateToken(ctx context.Context, cfg *cmds.Agent) (proxy.Pr if err := os.MkdirAll(agentDir, 0700); err != nil { return nil, err } - _, isIPv6, _ := util.GetFirstString([]string{cfg.NodeIP.String()}) + isIPv6 := utilsnet.IsIPv6(net.ParseIP([]string{cfg.NodeIP.String()}[0])) proxy, err := proxy.NewSupervisorProxy(ctx, !cfg.DisableLoadBalancer, agentDir, cfg.ServerURL, cfg.LBServerPort, isIPv6) if err != nil { diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go index 617aa43fc2..1e44204334 100644 --- a/pkg/cli/cmds/server.go +++ b/pkg/cli/cmds/server.go @@ -190,7 +190,7 @@ var ServerFlags = []cli.Flag{ }, &cli.StringFlag{ Name: "advertise-address", - Usage: "(listener) IPv4 address that apiserver uses to advertise to members of the cluster (default: node-external-ip/node-ip)", + Usage: "(listener) IPv4/IPv6 address that apiserver uses to advertise to members of the cluster (default: node-external-ip/node-ip)", Destination: &ServerConfig.AdvertiseIP, }, &cli.IntFlag{ diff --git a/pkg/daemons/agent/agent_linux.go b/pkg/daemons/agent/agent_linux.go index ead7507aee..e6cfe51162 100644 --- a/pkg/daemons/agent/agent_linux.go +++ b/pkg/daemons/agent/agent_linux.go @@ -4,6 +4,7 @@ package agent import ( + "net" "os" "path/filepath" "strings" @@ -13,8 +14,8 @@ import ( "github.com/k3s-io/k3s/pkg/util" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - "k8s.io/apimachinery/pkg/util/net" "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes" + utilsnet "k8s.io/utils/net" ) const socketPrefix = "unix://" @@ -32,8 +33,8 @@ func createRootlessConfig(argsMap map[string]string, controllers map[string]bool func kubeProxyArgs(cfg *config.Agent) map[string]string { bindAddress := "127.0.0.1" - _, IPv6only, _ := util.GetFirstString([]string{cfg.NodeIP}) - if IPv6only { + isIPv6 := utilsnet.IsIPv6(net.ParseIP([]string{cfg.NodeIP}[0])) + if isIPv6 { bindAddress = "::1" } argsMap := map[string]string{ @@ -53,8 +54,8 @@ func kubeProxyArgs(cfg *config.Agent) map[string]string { func kubeletArgs(cfg *config.Agent) map[string]string { bindAddress := "127.0.0.1" - _, IPv6only, _ := util.GetFirstString([]string{cfg.NodeIP}) - if IPv6only { + isIPv6 := utilsnet.IsIPv6(net.ParseIP([]string{cfg.NodeIP}[0])) + if isIPv6 { bindAddress = "::1" } argsMap := map[string]string{ @@ -122,9 +123,12 @@ func kubeletArgs(cfg *config.Agent) map[string]string { if cfg.NodeName != "" { argsMap["hostname-override"] = cfg.NodeName } - defaultIP, err := net.ChooseHostInterface() - if err != nil || defaultIP.String() != cfg.NodeIP { - argsMap["node-ip"] = cfg.NodeIP + if nodeIPs := util.JoinIPs(cfg.NodeIPs); nodeIPs != "" { + dualStack, err := utilsnet.IsDualStackIPs(cfg.NodeIPs) + if err == nil && dualStack { + argsMap["feature-gates"] = util.AddFeatureGate(argsMap["feature-gates"], "CloudDualStackNodeIPs=true") + } + argsMap["node-ip"] = nodeIPs } kubeletRoot, runtimeRoot, controllers := cgroups.CheckCgroups() if !controllers["cpu"] { diff --git a/tests/e2e/dualstack/Vagrantfile b/tests/e2e/dualstack/Vagrantfile index b623937b6f..558ca89399 100644 --- a/tests/e2e/dualstack/Vagrantfile +++ b/tests/e2e/dualstack/Vagrantfile @@ -50,7 +50,6 @@ def provision(vm, role, role_num, node_num) service-cidr: 10.43.0.0/16,2001:cafe:42:1::/112 bind-address: #{NETWORK4_PREFIX}.100 flannel-iface: eth1 - kubelet-arg: "--node-ip=0.0.0.0" # Workaround for https://github.com/kubernetes/kubernetes/issues/111695 YAML k3s.env = ["K3S_KUBECONFIG_MODE=0644", install_type] end @@ -66,7 +65,6 @@ def provision(vm, role, role_num, node_num) cluster-cidr: 10.42.0.0/16,2001:cafe:42:0::/56 service-cidr: 10.43.0.0/16,2001:cafe:42:1::/112 flannel-iface: eth1 - kubelet-arg: "--node-ip=0.0.0.0" # Workaround for https://github.com/kubernetes/kubernetes/issues/111695 YAML k3s.env = ["K3S_KUBECONFIG_MODE=0644", install_type] end @@ -81,7 +79,6 @@ def provision(vm, role, role_num, node_num) server: https://#{NETWORK4_PREFIX}.100:6443 token: vagrant flannel-iface: eth1 - kubelet-arg: "--node-ip=0.0.0.0" # Workaround for https://github.com/kubernetes/kubernetes/issues/111695 YAML k3s.env = ["K3S_KUBECONFIG_MODE=0644", install_type] end