agent(netpol): Explicitly enable IPv4 when necessary

Before this change, kube-router was always assuming that IPv4 is enabled, which is not the case in IPv6-only clusters. To enable network policies in IPv6-only, we need to explicitly let kube-router know when to disable IPv4. Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2024-06-07 19:41:36 +00:00 · 2022-04-20 16:01:49 +02:00 · 2022-04-20 16:01:49 +02:00 · c0045f415b
commit c0045f415b
parent c9badb4fd7
3 changed files with 6 additions and 1 deletions
--- a/pkg/agent/netpol/netpol.go
+++ b/pkg/agent/netpol/netpol.go
@ -55,7 +55,7 @@ func Run(ctx context.Context, nodeConfig *config.Node) error {

 	krConfig := options.NewKubeRouterConfig()
 	krConfig.ClusterIPCIDR = util.JoinIPNets(nodeConfig.AgentConfig.ServiceCIDRs)
-	krConfig.EnableIPv4 = true
+	krConfig.EnableIPv4 = nodeConfig.AgentConfig.EnableIPv4
 	krConfig.EnableIPv6 = nodeConfig.AgentConfig.EnableIPv6
 	krConfig.NodePortRange = strings.ReplaceAll(nodeConfig.AgentConfig.ServiceNodePortRange.String(), "-", ":")
 	krConfig.HostnameOverride = nodeConfig.AgentConfig.NodeName
--- a/pkg/agent/run.go
+++ b/pkg/agent/run.go
@ -59,15 +59,19 @@ func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error {
 	if err != nil {
 		return errors.Wrap(err, "failed to validate node-ip")
 	}
+	serviceIPv4 := utilsnet.IsIPv4CIDR(nodeConfig.AgentConfig.ServiceCIDR)
+	clusterIPv4 := utilsnet.IsIPv4CIDR(nodeConfig.AgentConfig.ClusterCIDR)
 	serviceIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ServiceCIDR)
 	clusterIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ClusterCIDR)

+	enableIPv4 := dualCluster || dualService || dualNode || serviceIPv4 || clusterIPv4
 	enableIPv6 := dualCluster || dualService || dualNode || serviceIPv6 || clusterIPv6
 	conntrackConfig, err := getConntrackConfig(nodeConfig)
 	if err != nil {
 		return errors.Wrap(err, "failed to validate kube-proxy conntrack configuration")
 	}
 	syssetup.Configure(enableIPv6, conntrackConfig)
+	nodeConfig.AgentConfig.EnableIPv4 = enableIPv4
 	nodeConfig.AgentConfig.EnableIPv6 = enableIPv6

 	if err := setupCriCtlConfig(cfg, nodeConfig); err != nil {
--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@ -106,6 +106,7 @@ type Agent struct {
 	Rootless                bool
 	ProtectKernelDefaults   bool
 	DisableServiceLB        bool
+	EnableIPv4              bool
 	EnableIPv6              bool
 }