agent(netpol): Explicitly enable IPv4 when necessary

Before this change, kube-router always assumed that IPv4 is
enabled, which is not the case in IPv6-only clusters. To enable network
policies in IPv6-only clusters, we need to explicitly let kube-router
know when to disable IPv4.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
pull/5518/head
Michal Rostecki 3 years ago committed by Brad Davidson
parent c9badb4fd7
commit c0045f415b

@ -55,7 +55,7 @@ func Run(ctx context.Context, nodeConfig *config.Node) error {
krConfig := options.NewKubeRouterConfig() krConfig := options.NewKubeRouterConfig()
krConfig.ClusterIPCIDR = util.JoinIPNets(nodeConfig.AgentConfig.ServiceCIDRs) krConfig.ClusterIPCIDR = util.JoinIPNets(nodeConfig.AgentConfig.ServiceCIDRs)
krConfig.EnableIPv4 = true krConfig.EnableIPv4 = nodeConfig.AgentConfig.EnableIPv4
krConfig.EnableIPv6 = nodeConfig.AgentConfig.EnableIPv6 krConfig.EnableIPv6 = nodeConfig.AgentConfig.EnableIPv6
krConfig.NodePortRange = strings.ReplaceAll(nodeConfig.AgentConfig.ServiceNodePortRange.String(), "-", ":") krConfig.NodePortRange = strings.ReplaceAll(nodeConfig.AgentConfig.ServiceNodePortRange.String(), "-", ":")
krConfig.HostnameOverride = nodeConfig.AgentConfig.NodeName krConfig.HostnameOverride = nodeConfig.AgentConfig.NodeName
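Review bot: With `krConfig.EnableIPv4` no longer hard-coded to `true`, nothing in these assignments rejects the case where both `EnableIPv4` and `EnableIPv6` are false, and the network policy controller would then presumably start with no address family and enforce no policies. Both flags are derived in `run()` (the second hunk) from the CIDR and dual-stack checks, so this arises if those CIDRs are unset or if `Run` is reached through a path that never populates the fields; whether that can happen is not visible here. A guard right after the two assignments would fail closed instead, using whichever errors package the file already imports: `if !krConfig.EnableIPv4 && !krConfig.EnableIPv6 { return errors.New("network policy controller: neither IPv4 nor IPv6 is enabled") }`. `Run`'s body starts and continues outside the hunk.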

@ -59,15 +59,19 @@ func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error {
if err != nil { if err != nil {
return errors.Wrap(err, "failed to validate node-ip") return errors.Wrap(err, "failed to validate node-ip")
} }
serviceIPv4 := utilsnet.IsIPv4CIDR(nodeConfig.AgentConfig.ServiceCIDR)
clusterIPv4 := utilsnet.IsIPv4CIDR(nodeConfig.AgentConfig.ClusterCIDR)
serviceIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ServiceCIDR) serviceIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ServiceCIDR)
clusterIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ClusterCIDR) clusterIPv6 := utilsnet.IsIPv6CIDR(nodeConfig.AgentConfig.ClusterCIDR)
enableIPv4 := dualCluster || dualService || dualNode || serviceIPv4 || clusterIPv4
enableIPv6 := dualCluster || dualService || dualNode || serviceIPv6 || clusterIPv6 enableIPv6 := dualCluster || dualService || dualNode || serviceIPv6 || clusterIPv6
conntrackConfig, err := getConntrackConfig(nodeConfig) conntrackConfig, err := getConntrackConfig(nodeConfig)
if err != nil { if err != nil {
return errors.Wrap(err, "failed to validate kube-proxy conntrack configuration") return errors.Wrap(err, "failed to validate kube-proxy conntrack configuration")
} }
syssetup.Configure(enableIPv6, conntrackConfig) syssetup.Configure(enableIPv6, conntrackConfig)
nodeConfig.AgentConfig.EnableIPv4 = enableIPv4
nodeConfig.AgentConfig.EnableIPv6 = enableIPv6 nodeConfig.AgentConfig.EnableIPv6 = enableIPv6
if err := setupCriCtlConfig(cfg, nodeConfig); err != nil { if err := setupCriCtlConfig(cfg, nodeConfig); err != nil {

@ -106,6 +106,7 @@ type Agent struct {
Rootless bool Rootless bool
ProtectKernelDefaults bool ProtectKernelDefaults bool
DisableServiceLB bool DisableServiceLB bool
EnableIPv4 bool
EnableIPv6 bool EnableIPv6 bool
} }
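Review bot: The new `EnableIPv4` field on `Agent` has no comment, and its zero value is `false`, which is the opposite of the behaviour before this commit, where kube-router always had IPv4 on. Any code that builds this struct without going through the assignment in `run()` now gets IPv4 network policy handling switched off without any signal. I would document that on the field, for example `// EnableIPv4 is set by the agent at startup from the detected address families; the zero value disables IPv4 in the network policy controller.` The struct definition starts outside the hunk.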
