feat: support dual-stack #3509

Merged
merged 1 commit into from Jul 16, 2023

@ghostloda ghostloda commented Jul 14, 2023

support Dual-stack #2919

Test report:

cluster

k8sversion: 1.26.1
calico: v3.25.0
deployed on 2 nodes:

  • lcx-test-ipv6-1 (controller-plane)
  • lcx-test-ipv6-2

The network

  • Host IP:

lcx-test-ipv6-1

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:8c:91:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 58574sec preferred_lft 58574sec
    inet6 2001:db8::f816:3eff:fe8c:910a/64 scope global noprefixroute dynamic 
       valid_lft 86378sec preferred_lft 14378sec
    inet6 fe80::f816:3eff:fe8c:910a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

lcx-test-ipv6-2

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:d1:e7:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.11/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 57042sec preferred_lft 57042sec
    inet6 2001:db8::f816:3eff:fed1:e73e/64 scope global noprefixroute dynamic 
       valid_lft 86373sec preferred_lft 14373sec
    inet6 fe80::f816:3eff:fed1:e73e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
  • My LAN uses:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
ControllerManager:
  ExtraArgs:
    node-cidr-mask-size-ipv6: 120
    node-cidr-mask-size-ipv4: 24
Networking:
  DNSDomain: ""
  PodSubnet: 100.64.0.0/10,fd85:ee78:d8a6:8607::1:0000/112
  ServiceSubnet: 10.96.0.0/22,fd85:ee78:d8a6:8607::1000/116
  • Calico config
apiVersion: apps.sealos.io/v1beta1
kind: Config
metadata:
  name: calico
spec:
  path: charts/calico/values.yaml
  strategy: merge
  data: |
    installation:
      enabled: true
      kubernetesProvider: ""
      calicoNetwork:
        bgp: Disabled
        ipPools:
        - blockSize: 22
          cidr: 100.64.0.0/10
          encapsulation: VXLAN
          natOutgoing: Enabled
          nodeSelector: all()
        - blockSize: 122
          cidr: fd85:ee78:d8a6:8607::1:0000/112
          encapsulation: VXLAN
          natOutgoing: Enabled
          nodeSelector: all()
        nodeAddressAutodetectionV4:
          interface: "eth.*|en.*|em.*"
        nodeAddressAutodetectionV6:
          interface: "eth.*|en.*|em.*"

Install cluster

sealos apply -f Clusterfile-gen

[root@lcx-test-ipv6-1 ~]# kubectl get nodes -owide
NAME                        STATUS   ROLES           AGE    VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION               CONTAINER-RUNTIME
lcx-test-ipv6-1.novalocal   Ready    control-plane   3h1m   v1.26.1   192.168.0.10   <none>        CentOS Linux 7 (Core)   5.12.0-1.el7.elrepo.x86_64   containerd://1.6.17
lcx-test-ipv6-2.novalocal   Ready    <none>          3h     v1.26.1   192.168.0.11   <none>        CentOS Linux 7 (Core)   5.12.0-1.el7.elrepo.x86_64   containerd://1.6.17

Install success

Test pod

Deploy a dual-stack pod:

apiVersion: v1
kind: Pod
metadata:
  labels:
    app: nginx-test
  name: nginx-test
spec:
  containers:
  - image: nginx:latest
    name: nginx-test

# kubectl describe pods nginx-test
Name:             nginx-test
Namespace:        default
Priority:         0
Service Account:  default
Node:             lcx-test-ipv6-2.novalocal/192.168.0.11
Start Time:       Fri, 14 Jul 2023 17:28:32 +0800
Labels:           app=nginx-test
Annotations:      cni.projectcalico.org/containerID: c633a9a293748eb932284b24a8b3701ba3594e1743e5953be69b39054236897f
                  cni.projectcalico.org/podIP: 100.101.200.3/32
                  cni.projectcalico.org/podIPs: 100.101.200.3/32,fd85:ee78:d8a6:8607::1:5c83/128
Status:           Running
IP:               100.101.200.3
IPs:
  IP:  100.101.200.3
  IP:  fd85:ee78:d8a6:8607::1:5c83

Cross node Ping is ok

[root@lcx-test-ipv6-1 ~]# ping6 fd85:ee78:d8a6:8607::1:5c83
PING fd85:ee78:d8a6:8607::1:5c83(fd85:ee78:d8a6:8607::1:5c83) 56 data bytes
64 bytes from fd85:ee78:d8a6:8607::1:5c83: icmp_seq=1 ttl=63 time=0.893 ms
64 bytes from fd85:ee78:d8a6:8607::1:5c83: icmp_seq=2 ttl=63 time=0.632 ms
^C
--- fd85:ee78:d8a6:8607::1:5c83 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.632/0.762/0.893/0.133 ms
[root@lcx-test-ipv6-1 ~]# ping 100.101.200.3
PING 100.101.200.3 (100.101.200.3) 56(84) bytes of data.
64 bytes from 100.101.200.3: icmp_seq=1 ttl=63 time=0.507 ms
64 bytes from 100.101.200.3: icmp_seq=2 ttl=63 time=0.448 ms
^C
--- 100.101.200.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1035ms
rtt min/avg/max/mdev = 0.448/0.477/0.507/0.036 ms

Expose a pod using a dual-stack ClusterIP

helloweb.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloweb
  labels:
    app: hello
spec:
  selector:
    matchLabels:
      app: hello
      tier: web
  template:
    metadata:
      labels:
        app: hello
        tier: web
    spec:
      containers:
      - name: hello-app
        image: hello-app:1.0
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: 200m
      nodeName: lcx-test-ipv6-1.novalocal
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: hello
  name: helloweb-backend
  namespace: default
spec:
  ipFamilies:
  - IPv4
  - IPv6
  ipFamilyPolicy: RequireDualStack
  ports:
  - nodePort: 30284
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: hello
    tier: web
  sessionAffinity: None
  type: NodePort

[root@lcx-test-ipv6-1 ~]# kubectl describe svc helloweb-backend
Name:                     helloweb-backend
Namespace:                default
Labels:                   app=hello
Annotations:              <none>
Selector:                 app=hello,tier=web
Type:                     NodePort
IP Family Policy:         RequireDualStack
IP Families:              IPv4,IPv6
IP:                       10.96.0.246
IPs:                      10.96.0.246,fd85:ee78:d8a6:8607::1d56
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  30284/TCP
Endpoints:                100.92.132.7:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

The service got both IPv4 and IPv6.

From inside another container:

[root@lcx-test-ipv6-1 ~]# kubectl exec -it nginx-test  -- bash
root@nginx-test:/# curl -6 -I helloweb-backend.default.svc.cluster.local:8080
HTTP/1.1 200 OK
Date: Fri, 14 Jul 2023 12:02:04 GMT
Content-Length: 65
Content-Type: text/plain; charset=utf-8

root@nginx-test:/# curl -4 -I helloweb-backend.default.svc.cluster.local:8080
HTTP/1.1 200 OK
Date: Fri, 14 Jul 2023 12:02:11 GMT
Content-Length: 65
Content-Type: text/plain; charset=utf-8

root@nginx-test:/# 

The service is reachable by both protocols from inside the cluster.
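
An added check, not part of the pull request or its test report: it verifies that the pod, service and host CIDRs from the configuration above do not overlap within each address family and that the node mask sizes fit the pod subnets. The 16-bit limit on node mask minus pod prefix length is kubeadm's validation rule; the function and constant names are illustrative.

```python
import ipaddress
from itertools import combinations

# Values copied from the ClusterConfiguration, Calico config and eth0 output in the report.
POD_SUBNET = "100.64.0.0/10,fd85:ee78:d8a6:8607::1:0000/112"
SERVICE_SUBNET = "10.96.0.0/22,fd85:ee78:d8a6:8607::1000/116"
NODE_MASK = {4: 24, 6: 120}      # node-cidr-mask-size-ipv4 / node-cidr-mask-size-ipv6
CALICO_BLOCK = {4: 22, 6: 122}   # ipPools[].blockSize
HOST_NETS = "192.168.0.10/24,2001:db8::f816:3eff:fe8c:910a/64"  # eth0 on lcx-test-ipv6-1
MAX_NODE_MASK_DIFF = 16          # kubeadm limit: node mask minus pod prefix length


def by_family(csv):
    """Parse 'cidr,cidr' into {4: net, 6: net}; require exactly one CIDR per family."""
    nets = [ipaddress.ip_network(c.strip(), strict=False) for c in csv.split(",")]
    fams = {n.version: n for n in nets}
    if len(nets) != 2 or set(fams) != {4, 6}:
        raise ValueError(f"need one IPv4 and one IPv6 CIDR, got {csv!r}")
    return fams


def check_plan(pod_csv, svc_csv, node_mask, block, host_csv):
    """Return the problems found in a dual-stack address plan (empty list = consistent)."""
    pod, svc, host = by_family(pod_csv), by_family(svc_csv), by_family(host_csv)
    problems = []
    for v in (4, 6):
        names = {"pod": pod[v], "service": svc[v], "host": host[v]}
        for (a, na), (b, nb) in combinations(names.items(), 2):
            if na.overlaps(nb):
                problems.append(f"IPv{v}: {a} {na} overlaps {b} {nb}")
        diff = node_mask[v] - pod[v].prefixlen
        if not 0 <= diff <= MAX_NODE_MASK_DIFF:
            problems.append(f"IPv{v}: node mask /{node_mask[v]} does not fit pod subnet {pod[v]}")
        if block[v] < pod[v].prefixlen:
            problems.append(f"IPv{v}: Calico blockSize {block[v]} is larger than pool {pod[v]}")
    return problems


def node_capacity(pod_csv, node_mask):
    """Number of per-node pod CIDRs that fit in the pod subnet, per family."""
    pod = by_family(pod_csv)
    return {v: 2 ** (node_mask[v] - pod[v].prefixlen) for v in (4, 6)}


if __name__ == "__main__":
    print(check_plan(POD_SUBNET, SERVICE_SUBNET, NODE_MASK, CALICO_BLOCK, HOST_NETS) or "plan is consistent")
    print(node_capacity(POD_SUBNET, NODE_MASK))
```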


sealos-ci-robot commented Jul 14, 2023

🤖 Generated by lychee action

Summary

Status Count
🔍 Total 903
✅ Successful 337
⏳ Timeouts 0
🔀 Redirected 0
👻 Excluded 565
❓ Unknown 0
🚫 Errors 0


codecov bot commented Jul 14, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (74beff7) 72.97% compared to head (ac2c336) 72.97%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3509   +/-   ##
=======================================
  Coverage   72.97%   72.97%           
=======================================
  Files           8        8           
  Lines         618      618           
=======================================
  Hits          451      451           
  Misses        132      132           
  Partials       35       35           


@cuisongliu cuisongliu self-requested a review July 15, 2023 16:52
@cuisongliu cuisongliu added this to the v4.3 milestone Jul 16, 2023
@cuisongliu cuisongliu merged commit d3e3456 into labring:main Jul 16, 2023
73 checks passed
@sealos-ci-robot (Member)

/cherry-pick release-v4.3

@sealos-ci-robot (Member)

🤖 says: cherry pick action finished successfully 🎉!
See: https://github.com/labring/sealos/actions/runs/5565576694

sealos-ci-robot pushed a commit that referenced this pull request Jul 16, 2023
@cuisongliu cuisongliu linked an issue Jul 16, 2023 that may be closed by this pull request
Successfully merging this pull request may close these issues.

Feature: sealos support IPV6 addr