Skip to content

Service ipv4 cidr is not supported with IPv6 #4314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Oct 12, 2021
Merged

Service ipv4 cidr is not supported with IPv6 #4314

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
b0d7c2b
Check if managed addons are set when ipv6 is enabled
Skarlso Oct 5, 2021
f3e3d1a
Add OIDC check for ipv6 cluster
Skarlso Oct 5, 2021
4666869
Add version check if ipv6 is defined
Skarlso Oct 5, 2021
ebe72a7
Setting vpc.NAT is not allowed with ipv6
Skarlso Oct 6, 2021
9fdc667
serviceIPv4CIDR is not supported with ipv6
Skarlso Oct 6, 2021
6bc7e76
Merge branch 'ipv6' into service_ipv4_cidr
Skarlso Oct 6, 2021
284db41
Merge branch 'ipv6' into service_ipv4_cidr
Skarlso Oct 8, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions pkg/apis/eksctl.io/v1alpha5/validation.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,14 @@ func (c *ClusterConfig) ValidateVPCConfig() error {
} else if err == nil && version == -1 {
return fmt.Errorf("cluster version must be >= %s", Version1_21)
}

if c.VPC.NAT != nil {
return fmt.Errorf("setting NAT is not supported with IPv6")
}

if c.KubernetesNetworkConfig != nil && c.KubernetesNetworkConfig.ServiceIPv4CIDR != "" {
return fmt.Errorf("service ipv4 cidr is not supported with IPv6")
}
}
}

Expand Down
62 changes: 62 additions & 0 deletions pkg/apis/eksctl.io/v1alpha5/validation_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -545,6 +545,7 @@ var _ = Describe("ClusterConfig validation", func() {
When("ipFamily is set to IPv6", func() {
It("accepts that setting", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.NAT = nil
cfg.VPC.IPFamily = &ipv6
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
Expand Down Expand Up @@ -582,9 +583,31 @@ var _ = Describe("ClusterConfig validation", func() {
Expect(err).To(MatchError(ContainSubstring("cluster version must be >= 1.21")))
})
})
When("ipFamily is set ot IPv6 but version is not or too low", func() {
It("returns an error", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.IPFamily = &ipv6
cfg.VPC.NAT = nil
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
&api.Addon{Name: api.CoreDNSAddon},
&api.Addon{Name: api.VPCCNIAddon},
)
cfg.IAM = &api.ClusterIAM{
WithOIDC: api.Enabled(),
}
cfg.Metadata.Version = ""
err = cfg.ValidateVPCConfig()
Expect(err).To(MatchError(ContainSubstring("failed to convert cluster version to semver: unable to parse first version")))
cfg.Metadata.Version = api.Version1_12
err = cfg.ValidateVPCConfig()
Expect(err).To(MatchError(ContainSubstring("cluster version must be >= 1.21")))
})
})
When("ipFamily is set ot IPv6 but no managed addons are provided", func() {
It("it returns an error including which addons are missing", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.NAT = nil
cfg.VPC.IPFamily = &ipv6
cfg.IAM = &api.ClusterIAM{
WithOIDC: api.Enabled(),
Expand Down Expand Up @@ -631,6 +654,45 @@ var _ = Describe("ClusterConfig validation", func() {
Expect(err).To(MatchError(ContainSubstring("invalid value invalid for ipFamily; allowed are IPv4 and IPv6")))
})
})
When("ipFamily is set to IPv6 and vpc.NAT is defined", func() {
It("it returns an error", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.IPFamily = &ipv6
cfg.Metadata.Version = api.Version1_22
cfg.IAM = &api.ClusterIAM{
WithOIDC: api.Enabled(),
}
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
&api.Addon{Name: api.CoreDNSAddon},
&api.Addon{Name: api.VPCCNIAddon},
)
cfg.VPC.NAT = &api.ClusterNAT{}
err = cfg.ValidateVPCConfig()
Expect(err).To(MatchError(ContainSubstring("setting NAT is not supported with IPv6")))
})
})
When("ipFamily is set to IPv6 and serviceIPv4CIDR is not empty", func() {
It("it returns an error", func() {
ipv6 := string(api.IPV6Family)
cfg.VPC.IPFamily = &ipv6
cfg.Metadata.Version = api.Version1_22
cfg.IAM = &api.ClusterIAM{
WithOIDC: api.Enabled(),
}
cfg.Addons = append(cfg.Addons,
&api.Addon{Name: api.KubeProxyAddon},
&api.Addon{Name: api.CoreDNSAddon},
&api.Addon{Name: api.VPCCNIAddon},
)
cfg.KubernetesNetworkConfig = &api.KubernetesNetworkConfig{
ServiceIPv4CIDR: "192.168.0.0/24",
}
cfg.VPC.NAT = nil
err = cfg.ValidateVPCConfig()
Expect(err).To(MatchError(ContainSubstring("service ipv4 cidr is not supported with IPv6")))
})
})
})

Context("CIDRs", func() {
Expand Down
1 change: 1 addition & 0 deletions userdocs/src/usage/vpc-networking.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ This is an in config file setting only. When IPv6 is set, the following restrict
- OIDC is enabled
- managed addons are defined as shows above
- version must be => 1.21
- `vpc.NAT` and `serviceIPv4CIDR` fields are created by eksctl for ipv6 clusters and thus, are not supported configuration options

The default value is `IPv4`.

Expand Down