Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support DualStack(IPv4+IPv6) #848

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Support DualStack(IPv4+IPv6) #848

wants to merge 2 commits into from

Conversation

mohamed-rafraf
Copy link

@mohamed-rafraf mohamed-rafraf commented Sep 16, 2024
edited
Loading

How to categorize this PR?

/area networking
/kind api-change
/platform gcp

What this PR does / why we need it:
This PR introduces DualStack support for infrastructure objects. A new field DualStack { enabled: bool} has been added. When enabled, the controller will create a VPC and Subnet in GCP with IPv6 access type set to external, supporting both external and internal IPv6 communication.

The controller can provision dual-stack infrastructure using the InfraFlow approach (via GCP SDK).

apiVersion: extensions.gardener.cloud/v1alpha1
kind: Infrastructure
metadata:
  name: gcp-infra
  namespace: shoot--med--gcp
    annotations:
      provider.extensions.gardener.cloud/use-flow: "true"
spec:
  type: gcp
  region: europe-west1
  secretRef:
    namespace: shoot--med--gcp
    name: core-gcp
  providerConfig:
    apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1
    kind: InfrastructureConfig
    networks:
      dualStack: 
        enabled: true
      workers: 10.250.0.0/16

Which issue(s) this PR fixes:
Fixes #829

Special notes for your reviewer:

Release note:

NONE

@mohamed-rafraf mohamed-rafraf requested review from a team as code owners September 16, 2024 13:32
@gardener-robot gardener-robot added the needs/review Needs review label Sep 16, 2024
@CLAassistant
Copy link

CLAassistant commented Sep 16, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@gardener-robot gardener-robot added kind/api-change API change with impact on API users needs/second-opinion Needs second review by someone else area/networking Networking related platform/gcp Google cloud platform/infrastructure labels Sep 16, 2024
@gardener-robot
Copy link

@mohamed-rafraf Thank you for your contribution.

@gardener-robot gardener-robot added the size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) label Sep 16, 2024
@gardener-robot-ci-2
Copy link
Contributor

Thank you @mohamed-rafraf for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

@ScheererJ
Copy link
Member

Please remove the ULA part from the PR description and sign the contributors agreement.

After internal discussion, we would like the machine-controller-manager change (if required) in this PR as well. This pull should provide dual-stack VPC/subnet and enable VMs to also have IPv6 addresses if necessary.

@ScheererJ
Copy link
Member

/ok-to-test

@gardener-robot gardener-robot added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Sep 19, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Sep 19, 2024
@gardener-robot gardener-robot added size/l Size of pull request is large (see gardener-robot robot/bots/size.py) and removed size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels Sep 20, 2024
@gardener-robot gardener-robot added the needs/rebase Needs git rebase label Oct 4, 2024
@gardener-robot
Copy link

@mohamed-rafraf You need rebase this pull request with latest master branch. Please check.

@ScheererJ ScheererJ mentioned this pull request Oct 10, 2024
Open
60 tasks
@mohamed-rafraf mohamed-rafraf marked this pull request as draft October 18, 2024 10:32
@gardener-robot gardener-robot added size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py) and removed size/l Size of pull request is large (see gardener-robot robot/bots/size.py) labels Nov 5, 2024
@kron4eg kron4eg mentioned this pull request Nov 22, 2024
Closed
@mohamed-rafraf mohamed-rafraf changed the title Support DualStack(IPv4+IPv6) for Infrastructure Support DualStack(IPv4+IPv6) Nov 22, 2024
@kron4eg kron4eg force-pushed the dual-stack branch 2 times, most recently from 29014f7 to 00ee2a1 Compare November 29, 2024 15:05
@mohamed-rafraf mohamed-rafraf marked this pull request as ready for review December 4, 2024 09:45
@axel7born
Copy link
Contributor

/ok-to-test

@gardener-robot gardener-robot added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 4, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 4, 2024
@DockToFuture
Copy link
Member

/ok-to-test

@gardener-robot gardener-robot added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 4, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Dec 4, 2024
@mohamed-rafraf mohamed-rafraf marked this pull request as draft December 4, 2024 22:23
kron4eg added a commit to mohamed-rafraf/gardener-extension-provider-gcp that referenced this pull request Dec 9, 2024
@kron4eg
New values for machineclass
a305a3f 
see gardener#848

Signed-off-by: Artiom Diomin <[email protected]>
@mohamed-rafraf mohamed-rafraf marked this pull request as ready for review December 11, 2024 12:26
hebelsan
hebelsan reviewed Dec 12, 2024
View reviewed changes
charts/internal/seed-controlplane/charts/ingress-gce/templates/deployment.yaml Outdated
name: ingress-gce
namespace: {{ .Release.Namespace }}
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this annotation needed?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's here from the upstream. I will replace it with priorityClassName: system-cluster-critical as such annotations don't work anymore.

imagevector/images.yaml Outdated
integrity_requirement: 'high'
availability_requirement: 'low'
- name: default-http-backend
sourceRepository: github.com/kubernetes/ingress-gce
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
sourceRepository: github.com/kubernetes/ingress-gce
sourceRepository: https://github.com/gardener/ingress-default-backend

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a different one, not related to GCP

pkg/apis/gcp/types_infrastructure.go Outdated
@@ -69,6 +72,8 @@ const (
PurposeNodes SubnetPurpose = "nodes"
// PurposeInternal is a SubnetPurpose for internal use.
PurposeInternal SubnetPurpose = "internal"
// PurposeServices is a SubnetPurpose for internal use.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// PurposeServices is a SubnetPurpose for internal use.
// PurposeServices is a SubnetPurpose for services.

pkg/apis/gcp/v1alpha1/types_infrastructure.go Outdated
@@ -74,6 +77,8 @@ const (
PurposeNodes SubnetPurpose = "nodes"
// PurposeInternal is a SubnetPurpose for internal use.
PurposeInternal SubnetPurpose = "internal"
// PurposeServices is a SubnetPurpose for internal use.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// PurposeServices is a SubnetPurpose for internal use.
// PurposeServices is a SubnetPurpose for services.

pkg/controller/infrastructure/flow_reconciler.go Outdated
Comment on lines 86 to 87
},
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
},
)
})

pkg/controller/infrastructure/infraflow/ensure.go Outdated
region = fctx.infra.Spec.Region
)
func (fctx *FlowContext) ensureIPv6CIDRs(ctx context.Context) error {
nodeSubnet := fctx.whiteboard.GetObject(ObjectKeyNodeSubnet).(*compute.Subnetwork)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using: GetObject[*compute.Subnetwork](fctx.whiteboard, ObjectKeyNodeSubnet)

Suggested change
nodeSubnet := fctx.whiteboard.GetObject(ObjectKeyNodeSubnet).(*compute.Subnetwork)
nodeSubnet := GetObject[*compute.Subnetwork](fctx.whiteboard, ObjectKeyNodeSubnet)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GetObject() checks if object exists and return new(T) in case if object is not found, the result will never be nil. But I need nil to check for the error case.

pkg/controller/infrastructure/infraflow/ensure.go Outdated
}
fctx.whiteboard.Set(NodesSubnetIPv6CIDR, nodesIPv6Range)

srvSubnet := fctx.whiteboard.GetObject(ObjectKeyServicesSubnet).(*compute.Subnetwork)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again consider using: GetObject

Suggested change
srvSubnet := fctx.whiteboard.GetObject(ObjectKeyServicesSubnet).(*compute.Subnetwork)
srvSubnet := GetObject[*compute.Subnetwork](fctx.whiteboard, ObjectKeyServicesSubnet)

pkg/controller/infrastructure/infraflow/ensure.go Outdated
Comment on lines 430 to 436
cidrsipv6 := []*string{}
if nodesipv6 := fctx.whiteboard.Get(NodesSubnetIPv6CIDR); ptr.Deref(nodesipv6, "") != "" {
cidrsipv6 = append(cidrsipv6, nodesipv6)
}
if servicesipv6 := fctx.whiteboard.Get(ServicesSubnetIPv6CIDR); ptr.Deref(servicesipv6, "") != "" {
cidrsipv6 = append(cidrsipv6, servicesipv6)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To stays consistent we should use camel case variable naming in cidrsipv6 = cidrsIPv6, nodesipv6 = nodesIPv6 and servicesipv6 = servicesIPv6

pkg/gcp/types.go Outdated
@@ -14,6 +14,10 @@ const (

// CloudControllerManagerImageName is the name of the cloud-controller-manager image.
CloudControllerManagerImageName = "cloud-controller-manager"
// IngressGCEImageName is the name of the ingress-gce image.
IngressGCEImageName = "ingress-gce"
// DefaultHTTPBackendImageName is the name of the csi-driver image.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably copy paste error?

kron4eg added a commit to mohamed-rafraf/gardener-extension-provider-gcp that referenced this pull request Dec 13, 2024
@kron4eg
New values for machineclass
28ec40b 
see gardener#848

Signed-off-by: Artiom Diomin <[email protected]>
@kron4eg
Copy link

kron4eg commented Dec 13, 2024

I've rebased whole PR against current master.

kon-angelo
kon-angelo reviewed Jan 27, 2025
View reviewed changes
pkg/apis/gcp/types_infrastructure.go Outdated Show resolved Hide resolved
pkg/controller/infrastructure/infraflow/shared/firewall.go Outdated Show resolved Hide resolved
pkg/controller/infrastructure/infraflow/reconciler.go Show resolved Hide resolved
pkg/controller/worker/machines.go Outdated Show resolved Hide resolved
pkg/controller/worker/machines.go Outdated Show resolved Hide resolved
charts/internal/seed-controlplane/charts/ingress-gce/values.yaml Outdated Show resolved Hide resolved
pkg/controller/controlplane/valuesprovider.go
Comment on lines +621 to +622
subnetPurpose := apisgcp.PurposeInternal
if dualstack {
subnetPurpose = apisgcp.PurposeNodes
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be validated against right? Having an internal subnet on a dualStack cluster makes no sense AFAIK because the internal loadbalancers will now be created now in the internal subnet.

I think there is no validation for that yet.

pkg/controller/infrastructure/infraflow/graph.go Show resolved Hide resolved
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 30, 2025
@gardener-robot-ci-2 gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jan 30, 2025
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Feb 3, 2025
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Feb 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kron4eg kron4eg kron4eg left review comments

@hebelsan hebelsan hebelsan left review comments

@DockToFuture DockToFuture DockToFuture requested changes

@kon-angelo kon-angelo kon-angelo left review comments

@axel7born axel7born axel7born requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
area/networking Networking related kind/api-change API change with impact on API users needs/changes Needs (more) changes needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/rebase Needs git rebase needs/review Needs review needs/second-opinion Needs second review by someone else platform/gcp Google cloud platform/infrastructure size/xl Size of pull request is huge (see gardener-robot robot/bots/size.py)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support IPv6