ipFamilyPolicy:PreferDualStack for coredns and metrics-server

Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-20 12:00:31 +02:00 · 2023-09-20 12:00:31 +02:00 · 0b23a478cf
parent 021c5b291b
commit 0b23a478cf
5 changed files with 27 additions and 26 deletions
--- a/manifests/coredns.yaml
+++ b/manifests/coredns.yaml
@ -205,6 +205,7 @@ spec:
  selector:
    k8s-app: kube-dns
  clusterIP: %{CLUSTER_DNS}%
+  clusterIPs: %{CLUSTER_DNS_LIST}%
  ports:
  - name: dns
    port: 53
@ -215,3 +216,4 @@ spec:
  - name: metrics
    port: 9153
    protocol: TCP
+  ipFamilyPolicy: %{CLUSTER_DNS_IPFAMILYPOLICY}%
--- a/manifests/metrics-server/metrics-server-service.yaml
+++ b/manifests/metrics-server/metrics-server-service.yaml
@ -15,3 +15,4 @@ spec:
    name: https
    protocol: TCP
    targetPort: https
+  ipFamilyPolicy: PreferDualStack
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@ -364,12 +364,13 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 	// If there are no IPv4 ServiceCIDRs, an IPv6 ServiceCIDRs will be used.
 	// If neither of IPv4 or IPv6 are found an error is raised.
 	if len(cmds.ServerConfig.ClusterDNS) == 0 {
-		clusterDNS, err := utilsnet.GetIndexedIP(serverConfig.ControlConfig.ServiceIPRange, 10)
-		if err != nil {
-			return errors.Wrap(err, "cannot configure default cluster-dns address")
+		for _, svcCIDR := range serverConfig.ControlConfig.ServiceIPRanges {
+			clusterDNS, err := utilsnet.GetIndexedIP(svcCIDR, 10)
+			if err != nil {
+				return errors.Wrap(err, "cannot configure default cluster-dns address")
+			}
+			serverConfig.ControlConfig.ClusterDNSs = append(serverConfig.ControlConfig.ClusterDNSs, clusterDNS)
 		}
-		serverConfig.ControlConfig.ClusterDNS = clusterDNS
-		serverConfig.ControlConfig.ClusterDNSs = []net.IP{serverConfig.ControlConfig.ClusterDNS}
 	} else {
 		for _, ip := range util.SplitStringSlice(cmds.ServerConfig.ClusterDNS) {
 			parsed := net.ParseIP(ip)
@ -378,15 +379,16 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 			}
 			serverConfig.ControlConfig.ClusterDNSs = append(serverConfig.ControlConfig.ClusterDNSs, parsed)
 		}
-		// Set ClusterDNS to the first IPv4 address, for legacy clients
-		// unless only IPv6 range given
-		clusterDNS, _, _, err := util.GetFirstIP(serverConfig.ControlConfig.ClusterDNSs)
-		if err != nil {
-			return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-dns address")
-		}
-		serverConfig.ControlConfig.ClusterDNS = clusterDNS
 	}

+	// Set ClusterDNS to the first IPv4 address, for legacy clients
+	// unless only IPv6 range given
+	clusterDNS, _, _, err := util.GetFirstIP(serverConfig.ControlConfig.ClusterDNSs)
+	if err != nil {
+		return errors.Wrap(err, "cannot configure IPv4/IPv6 cluster-dns address")
+	}
+	serverConfig.ControlConfig.ClusterDNS = clusterDNS
+
 	if err := validateNetworkConfiguration(serverConfig); err != nil {
 		return err
 	}
@ -577,18 +579,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont

 // validateNetworkConfig ensures that the network configuration values make sense.
 func validateNetworkConfiguration(serverConfig server.Config) error {
-	// Dual-stack operation requires fairly extensive manual configuration at the moment - do some
-	// preflight checks to make sure that the user isn't trying to use flannel/npc, or trying to
-	// enable dual-stack DNS (which we don't currently support since it's not easy to template)
-	dualDNS, err := utilsnet.IsDualStackIPs(serverConfig.ControlConfig.ClusterDNSs)
-	if err != nil {
-		return errors.Wrap(err, "failed to validate cluster-dns")
-	}
-
-	if dualDNS == true {
-		return errors.New("dual-stack cluster-dns is not supported")
-	}
-
 	switch serverConfig.ControlConfig.EgressSelectorMode {
 	case config.EgressSelectorModeCluster, config.EgressSelectorModePod:
 	case config.EgressSelectorModeAgent, config.EgressSelectorModeDisabled:
--- a/pkg/deploy/zz_generated_bindata.go
+++ b/pkg/deploy/zz_generated_bindata.go
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@ -272,8 +272,16 @@ func stageFiles(ctx context.Context, sc *Context, controlConfig *config.Control)
 		return err
 	}
 	dataDir = filepath.Join(controlConfig.DataDir, "manifests")
+
+	dnsIPFamilyPolicy := "PreferDualStack"
+	if len(controlConfig.ClusterDNSs) == 1 {
+		dnsIPFamilyPolicy = "SingleStack"
+	}
+
 	templateVars := map[string]string{
 		"%{CLUSTER_DNS}%":                 controlConfig.ClusterDNS.String(),
+		"%{CLUSTER_DNS_LIST}%":            fmt.Sprintf("[%s]", util.JoinIPs(controlConfig.ClusterDNSs)),
+		"%{CLUSTER_DNS_IPFAMILYPOLICY}%":  dnsIPFamilyPolicy,
 		"%{CLUSTER_DOMAIN}%":              controlConfig.ClusterDomain,
 		"%{DEFAULT_LOCAL_STORAGE_PATH}%":  controlConfig.DefaultLocalStoragePath,
 		"%{SYSTEM_DEFAULT_REGISTRY}%":     registryTemplate(controlConfig.SystemDefaultRegistry),