Fixes NodePort in ipv6 with proxy-mode=ipvs

[uablrek]

Use ipv6 addresses for NodePort with proxy-mode=ipvs in a ipv6-only cluster.

What type of PR is this?

/kind bug

What this PR does / why we need it:

This affects ipv6-only cluster with proxy-mode=ipvs only.

In an ipv6-only cluster the address scanning function used for setting up NodePort rules in ipvs ipvs return ipv4 addresses.

This PR ensures that ipv6 addresses are returned by the scanning function in an ipv6-only cluster. This makes NodePort work in an ipv6-only cluster with proxy-mode=ipvs.

Which issue(s) this PR fixes

Fixes #68437

Special notes for your reviewer:

I added a ipv6 flag in the netlinkHandle struct rather than return both ipv4 and ipv6 addresses. The main reason for this is that IHO it reduces the risk for breaking the existing ipv4 function.

I am unsure how this will affect future dual-stack work, but the again I guess nobody knows and maybe it even simplifies.

Only manual testing that NodePort works in ipv6-only/ipvs is performed.

Does this PR introduce a user-facing change?:

NONE

[k8s-ci-robot]

@uablrek: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

Hi @uablrek. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[uablrek]

/sig network

[Lion-Wei]

/ok-to-test

[uablrek]

/retest

[Lion-Wei]

You can use the var isIPv6 instead of nodeIP.To4() == nil

[Lion-Wei]

Same as above

[uablrek]

@Lion-Wei God point. I will update

[uablrek]

I will also rename the parameter to NewNetLinkHandle ipv6 -> isIPv6 to have consitent naming

[uablrek]

/test pull-kubernetes-verify

[Lion-Wei]

/release-note-none
/lgtm
/assign @m1093782566

[Lion-Wei]

xref: #71202

[m1093782566]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: m1093782566, uablrek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/proxy/ipvs/OWNERS [m1093782566]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[m1093782566]

I think this bug fix should be in v1.13.

/milestone v1.13

[m1093782566]

Adding label
/priority critical-urgent

as it may break an IPV6 cluster.

[AishSundar]

/hold

[AishSundar]

@uablrek @m1093782566 was this PR meant for 1.13? we no longer accept merges into 1.13 branch and only extremely critical urgent fixes can to be CP'ed if needed.

[uablrek]

I think at the time of creation the version was still "1.13...something" so it should work if the patch can be applied. Note that this is a problem only for ipv6-only in combination with proxy-mode=ipvs. The most common is still proxy-mode=iptables which seem to work. So maybe this can slide to 1.14 but if it is possible to document that ipv6+proxy-mode=ipvs is not supported <1.14 it may save some time for new ipv6 users.

[nikopen]

It's a pretty rare cluster conf combination for people to use directly 1.13.0 in production..

@uablrek This can be cherry picked back to 1.13.1 after it merges on master right?

It can be in the release notes that the patch will go in on 1.13.1 @marpaia

/milestone v1.14

[uablrek]

@nikopen Not much have happened in the code as far as I know, and the base was 1.13... so I am pretty sure it can be cherry-picked.

[AishSundar]

Thanks all

/hold cancel

[m1093782566]

/release-note-none

Putting this PR into merge pool...

[m1093782566]

/milestone clear

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.