OpenStack: enable IPv6 primary dual-stack cluster #7259
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
/retest |
MaysaMacedo
force-pushed
the
v6-primary
branch
3 times, most recently
from
7ead0bd
to
798e0a5
Compare
|
/test unit |
|
/retest |
|
Nodes and Pods were listing IPv6 address first in the list of addresses. |
|
/cc @gryf |
This commit removes the restriction of only allowing IPv4 first dual-stack clusters. Also, in preparation for future single stack IPv6 clusters, it duplicates all the existent security group rules to work with IPv6 ethertype, with exception of IKE nat, given there is no nat for IPv6.
MaysaMacedo
force-pushed
the
v6-primary
branch
from
798e0a5
to
2748047
Compare
|
/lgtm |
|
/assign @pawanpinjarkar as the bot suggests |
|
/assign @pawanpinjarkar |
|
/test e2e-aws-ovn |
|
@MaysaMacedo: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest |
|
/hold Revision 2748047 was retested 3 times: holding |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
| resource "openstack_networking_secgroup_rule_v2" "worker_ingress_services_udp_v6" { | ||
| count = length(var.machine_v6_cidrs) | ||
| direction = "ingress" | ||
| ethertype = "IPv6" | ||
| protocol = "udp" | ||
| port_range_min = 30000 | ||
| port_range_max = 32767 | ||
| remote_ip_prefix = element(var.machine_v6_cidrs, count.index) | ||
| security_group_id = openstack_networking_secgroup_v2.worker.id | ||
| description = local.description | ||
| } |
| resource "openstack_networking_secgroup_rule_v2" "worker_ingress_services_tcp_v6" { | ||
| count = length(var.machine_v6_cidrs) | ||
| direction = "ingress" | ||
| ethertype = "IPv6" | ||
| protocol = "tcp" | ||
| port_range_min = 30000 | ||
| port_range_max = 32767 | ||
| remote_ip_prefix = element(var.machine_v6_cidrs, count.index) | ||
| security_group_id = openstack_networking_secgroup_v2.worker.id | ||
| description = local.description | ||
| } |
There was a problem hiding this comment.
This feels like something that should have been here since dual stack support, i.e. IPv6 LoadBalancer Services need this.
There was a problem hiding this comment.
I thought about this, but when I tried connecting to a IPv6 LB without it in tech preview, it worked fine.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dulek, EmilienM, sadasu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required |
|
/retest-required |
|
/hold Revision 2748047 was retested 3 times: holding |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/retest-required |
|
/retest |
1 similar comment
|
/retest |
|
/test e2e-aws-ovn |
|
@MaysaMacedo: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This commit removes the enforcement of the ordering IPv4 to api and ingress VIPs and adds IPv6 security group rules to allow ingress and egress traffic over IPv6.