From 111c1669fcb24c6df6198929a85f8536c3c3d671 Mon Sep 17 00:00:00 2001
From: Roberto Bonafiglia
Date: Fri, 14 Jan 2022 16:54:55 +0100
Subject: [PATCH] Added flannel-ipv6-masq flag to enable IPv6 nat
Signed-off-by: Roberto Bonafiglia
---
 pkg/agent/config/config.go | 1 +
 pkg/agent/flannel/flannel.go | 4 ++--
 pkg/agent/flannel/setup.go | 2 +-
 pkg/cli/cmds/server.go | 6 ++++++
 pkg/cli/server/server.go | 1 +
 pkg/daemons/config/types.go | 2 ++
 6 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go
index e8a80bd74f..69ec633ada 100644
--- a/pkg/agent/config/config.go
+++ b/pkg/agent/config/config.go
@@ -411,6 +411,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 SELinux: envInfo.EnableSELinux,
 ContainerRuntimeEndpoint: envInfo.ContainerRuntimeEndpoint,
 FlannelBackend: controlConfig.FlannelBackend,
+ FlannelIPv6Masq: controlConfig.FlannelIPv6Masq,
 ServerHTTPSPort: controlConfig.HTTPSPort,
 Token: info.String(),
 }
diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go
index d7a86f882f..b1435d64ed 100644
--- a/pkg/agent/flannel/flannel.go
+++ b/pkg/agent/flannel/flannel.go
@@ -39,7 +39,7 @@ const (
 subnetFile = "/run/flannel/subnet.env"
 )
-func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, netMode int) error {
+func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, flannelIPv6Masq bool, netMode int) error {
 extIface, err := LookupExtInterface(flannelIface, netMode)
 if err != nil {
 return err
@@ -71,7 +71,7 @@ func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kube
 go network.SetupAndEnsureIPTables(network.MasqRules(config.Network, bn.Lease()), 60)
 go network.SetupAndEnsureIPTables(network.ForwardRules(config.Network.String()), 50)
- if config.IPv6Network.String() != emptyIPv6Network {
+ if flannelIPv6Masq && config.IPv6Network.String() != emptyIPv6Network {
 go network.SetupAndEnsureIP6Tables(network.MasqIP6Rules(config.IPv6Network, bn.Lease()), 60)
 go network.SetupAndEnsureIP6Tables(network.ForwardRules(config.IPv6Network.String()), 50)
 }
diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go
index 2800faf9d8..02228406b9 100644
--- a/pkg/agent/flannel/setup.go
+++ b/pkg/agent/flannel/setup.go
@@ -99,7 +99,7 @@ func Run(ctx context.Context, nodeConfig *config.Node, nodes typedcorev1.NodeInt
 return errors.Wrap(err, "failed to check netMode for flannel")
 }
 go func() {
- err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, netMode)
+ err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, nodeConfig.FlannelIPv6Masq, netMode)
 if err != nil && !errors.Is(err, context.Canceled) {
 logrus.Fatalf("flannel exited: %v", err)
 }
diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go
index 237cc2a3b3..dcdf1adac2 100644
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@@ -62,6 +62,7 @@ type Server struct {
 DisableScheduler bool
 ServerURL string
 FlannelBackend string
+ FlannelIPv6Masq bool
 DefaultLocalStoragePath string
 DisableCCM bool
 DisableNPC bool
@@ -204,6 +205,11 @@ var ServerFlags = []cli.Flag{
 Destination: &ServerConfig.FlannelBackend,
 Value: "vxlan",
 },
+ cli.BoolFlag{
+ Name: "flannel-ipv6-masq",
+ Usage: "(networking) Enable IPv6 masquerading for pod",
+ Destination: &ServerConfig.FlannelIPv6Masq,
+ },
 ServerToken,
 cli.StringFlag{
 Name: "token-file",
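Review bot: In pkg/agent/flannel/flannel.go (hunk at -71), the new `flannelIPv6Masq &&` condition guards the `network.ForwardRules(config.IPv6Network.String())` call as well as `network.MasqIP6Rules`, so with the flag at its default neither IPv6 rule set is installed even when an IPv6 network is configured. A flag named for masquerading would be expected to control only NAT; as written, a dual-stack node that previously got its IPv6 forward rules from this block no longer gets them unless masquerading is also turned on. Consider keeping the original `if config.IPv6Network.String() != emptyIPv6Network {` and wrapping only the MasqIP6Rules line in `if flannelIPv6Masq { ... }`. The body of flannel() starts and ends outside this hunk, so whether IPv6 forwarding is ensured elsewhere cannot be seen from here.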
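Review bot: In pkg/cli/cmds/server.go (hunk at -204), the `Usage` text for `flannel-ipv6-masq` does not tell operators that IPv6 NAT is now off unless the flag is set, which is a change from the unconditional behaviour removed in flannel.go. Someone upgrading a dual-stack cluster needs that from `--help`, because without masquerading pod IPv6 traffic presumably leaves the node with pod source addresses and the pod range has to be routable and filtered upstream. Something like `Usage: "(networking) Enable IPv6 masquerading for pods (default: disabled, pod IPv6 traffic is not NATed)"` would cover it and also fix the singular "pod". The ServerFlags slice continues outside this hunk.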
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
index feb0ca29d8..2e1f5bf886 100644
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@@ -127,6 +127,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 serverConfig.ControlConfig.AdvertiseIP = cfg.AdvertiseIP
 serverConfig.ControlConfig.AdvertisePort = cfg.AdvertisePort
 serverConfig.ControlConfig.FlannelBackend = cfg.FlannelBackend
+ serverConfig.ControlConfig.FlannelIPv6Masq = cfg.FlannelIPv6Masq
 serverConfig.ControlConfig.ExtraCloudControllerArgs = cfg.ExtraCloudControllerArgs
 serverConfig.ControlConfig.DisableCCM = cfg.DisableCCM
 serverConfig.ControlConfig.DisableNPC = cfg.DisableNPC
diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go
index 6f6014fd55..a7db73c51b 100644
--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@@ -34,6 +34,7 @@ type Node struct {
 FlannelConfFile string
 FlannelConfOverride bool
 FlannelIface *net.Interface
+ FlannelIPv6Masq bool
 Containerd Containerd
 Images string
 AgentConfig Agent
@@ -116,6 +117,7 @@ type CriticalControlArgs struct {
 DisableNPC bool
 DisableServiceLB bool
 FlannelBackend string
+ FlannelIPv6Masq bool
 NoCoreDNS bool
 ServiceIPRange *net.IPNet
 ServiceIPRanges []*net.IPNet