Add ipv6 support. #1024
Add ipv6 support. #1024
Conversation
gardener-robot-ci-1
added
the
reviewed/ok-to-test
gardener-robot
added
area/networking
gardener-robot-ci-1
added
needs/ok-to-test
| desired.CidrBlock = *c.config.Networks.VPC.CIDR | ||
|
|
||
| if !isIPv4(c.ipFamilies) && c.config.Networks.VPC.CIDR == nil { | ||
| desired.CidrBlock = "10.0.0.0/16" |
There was a problem hiding this comment.
I think I forgot the outcome of that discussion around this hardcoded IP and it would be nice if here or better in a comment write something about it.
There was a problem hiding this comment.
Probably, it is better not to automatically assign an IPv4 address here and leave that to the user?
There was a problem hiding this comment.
Though, I need to adapt the validation.
| AssignIpv6AddressOnCreation: ptr.To(isIPv6(c.ipFamilies)), | ||
| CidrBlock: func(cidr string) string { | ||
| if cidr == "" { | ||
| return "10.0.32.0/20" |
There was a problem hiding this comment.
also here regarding the "magic IP"
There was a problem hiding this comment.
Same as above, it is probably better to let the user configure the CIDR for the public range.
|
/needs rebase |
| @@ -1202,6 +1206,79 @@ func (c *Client) DeleteInternetGateway(ctx context.Context, id string) error { | |||
| return ignoreNotFound(err) | |||
| } | |||
|
|
|||
| func (c *Client) CreateEgressOnlyInternetGateway(ctx context.Context, gateway *EgressOnlyInternetGateway) (*EgressOnlyInternetGateway, error) { | |||
There was a problem hiding this comment.
Public func CreateEgressOnlyInternetGateway should have a describing comment
There was a problem hiding this comment.
I added a comment.
| @@ -395,6 +407,18 @@ func generateTerraformInfraConfig(ctx context.Context, infrastructure *extension | |||
| dhcpDomainName = fmt.Sprintf("%s.compute.internal", infrastructure.Spec.Region) | |||
| } | |||
|
|
|||
| isIPv4 := true | |||
| isIPv6 := false | |||
| if sets.New[v1beta1.IPFamily](ipFamilies...).Has(v1beta1.IPFamilyIPv6) { | |||
There was a problem hiding this comment.
Is there a special reason why we use sets, couldn't we just use slices.Contains() here?
There was a problem hiding this comment.
No special reason, I changed it to slices.Contains().
gardener-robot-ci-3
added
reviewed/ok-to-test
gardener-robot-ci-2
added
reviewed/ok-to-test
gardener-robot-ci-3
added
reviewed/ok-to-test
gardener-robot-ci-1
added
reviewed/ok-to-test
gardener-robot-ci-3
added
the
reviewed/ok-to-test
gardener-robot-ci-2
removed
the
reviewed/ok-to-test
| @@ -155,6 +160,7 @@ func NewFlowContext(opts Opts) (*FlowContext, error) { | |||
| infra: opts.Infrastructure, | |||
| client: opts.AwsClient, | |||
| runtimeClient: opts.RuntimeClient, | |||
| ipFamilies: opts.IPFamilies, | |||
There was a problem hiding this comment.
Nit: I think you can just do the init here in this func instead of passing it as an opt.
There was a problem hiding this comment.
I get it from c.Shoot.Spec.Networking.IPFamilies, which I don't have here. Or am I missing something?
| if slices.Contains(c.ipFamilies, v1beta1.IPFamilyIPv6) { | ||
| eogw, err := c.client.FindEgressOnlyInternetGatewayByVPC(ctx, vpcID) | ||
| if err != nil || eogw == nil { | ||
| return fmt.Errorf("Egress-Only Internet Gateway not found for VPC %s", vpcID) | ||
| } | ||
| c.state.Set(IdentifierEgressOnlyInternetGateway, eogw.EgressOnlyInternetGatewayId) |
There was a problem hiding this comment.
Not sure but you have a separate step for ensure the EOIG, why do it also here.
Also you can add a preflight check in
There was a problem hiding this comment.
The EOIG should be present in case of an existing VPC. In that case the ensure step would not be run. However, I struggle to add it to the preflight check as I don't have Shoot.Spec.Networking.IPFamilies there.
There was a problem hiding this comment.
You can fetch it with:
cluster, err := extensionscontroller.GetCluster(ctx, r.client, infrastructure.Namespace)
if err != nil {
return reconcile.Result{}, err
}
| @@ -1420,17 +1553,17 @@ func (c *FlowContext) getSubnetKey(item *awsclient.Subnet) (zoneName, subnetKey | |||
| for _, key := range []string{IdentifierZoneSubnetWorkers, IdentifierZoneSubnetPublic, IdentifierZoneSubnetPrivate} { | |||
| switch key { | |||
| case IdentifierZoneSubnetWorkers: | |||
| if value == helper.GetSuffixSubnetWorkers() { | |||
| if value == fmt.Sprintf("%s-%s", c.namespace, helper.GetSuffixSubnetWorkers()) { | |||
There was a problem hiding this comment.
can this value be changed freely ? What happens to existing clusters that have already a state and the key will change ?
There was a problem hiding this comment.
I'm wondering how this should have worked before. The tag is set here and could have never matched before. Or am I missing something.
gardener-robot-ci-1
added
the
reviewed/ok-to-test
gardener-robot-ci-3
removed
the
reviewed/ok-to-test
gardener-robot-ci-1
added
the
reviewed/ok-to-test
gardener-robot-ci-2
removed
the
reviewed/ok-to-test
|
I think I addressed all comments. Could you take a look again, please? |
|
/test |
|
Testrun: e2e-g5zqw +---------------------+-----------------------------+-----------+----------+ | NAME | STEP | PHASE | DURATION | +---------------------+-----------------------------+-----------+----------+ | bastion-test | bastion-test | Succeeded | 9m4s | | dnsrecord-test | dnsrecord-test | Succeeded | 5m47s | | infrastructure-test | infrastructure-test-tf | Succeeded | 35m6s | | infrastructure-test | infrastructure-test-flow | Failed | 26m28s | | infrastructure-test | infrastructure-test-migrate | Omitted | 0s | | infrastructure-test | infrastructure-test-recover | Omitted | 0s | +---------------------+-----------------------------+-----------+----------+ |
gardener-robot-ci-1
added
the
reviewed/ok-to-test
gardener-robot-ci-3
removed
the
reviewed/ok-to-test
|
/test |
|
Testrun: e2e-sfpkj +---------------------+-----------------------------+-----------+----------+ | NAME | STEP | PHASE | DURATION | +---------------------+-----------------------------+-----------+----------+ | bastion-test | bastion-test | Succeeded | 8m6s | | dnsrecord-test | dnsrecord-test | Succeeded | 5m54s | | infrastructure-test | infrastructure-test-tf | Succeeded | 34m54s | | infrastructure-test | infrastructure-test-flow | Succeeded | 26m20s | | infrastructure-test | infrastructure-test-migrate | Failed | 39m42s | | infrastructure-test | infrastructure-test-recover | Omitted | 0s | +---------------------+-----------------------------+-----------+----------+ |
Adapt tests.
gardener-robot-ci-3
added
reviewed/ok-to-test
How to categorize this PR?
/area networking
/kind enhancement
/platform aws
What this PR does / why we need it:
The PR adds required infrastructure changes to deploy IPv6 shoots.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Release note: