fix: generate correct Flannel config for IPv6-only clusters

See https://github.com/flannel-io/flannel/blob/master/Documentation/configuration.md#ipv6-only Fixes #6427 Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com> (cherry picked from commit 3333cd9)
siderolabs · Nov 21, 2022 · bd8ca9d · bd8ca9d
1 parent f9b5cd8
commit bd8ca9d
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/internal/app/machined/pkg/controllers/k8s/manifest_test.go b/internal/app/machined/pkg/controllers/k8s/manifest_test.go
@@ -296,6 +296,28 @@ func (suite *ManifestSuite) TestReconcileIPv6() {
 
 	v, _, _ = unstructured.NestedString(service.Object, "spec", "ipFamilyPolicy") //nolint:errcheck
 	suite.Assert().Equal("SingleStack", v)
+
+	r, err = suite.state.Get(
+		suite.ctx,
+		resource.NewMetadata(
+			k8s.ControlPlaneNamespaceName,
+			k8s.ManifestType,
+			"05-flannel",
+			resource.VersionUndefined,
+		),
+	)
+	suite.Require().NoError(err)
+
+	manifest = r.(*k8s.Manifest) //nolint:errcheck,forcetypeassert
+	suite.Assert().Len(k8sadapter.Manifest(manifest).Objects(), 5)
+
+	configmap := k8sadapter.Manifest(manifest).Objects()[3]
+	suite.Assert().Equal("ConfigMap", configmap.GetKind())
+
+	v, _, _ = unstructured.NestedString(configmap.Object, "data", "net-conf.json") //nolint:errcheck
+	suite.Assert().Contains(v, `"EnableIPv4": false`)
+	suite.Assert().Contains(v, `"EnableIPv6": true`)
+	suite.Assert().Contains(v, fmt.Sprintf(`"IPv6Network": "%s"`, constants.DefaultIPv6PodNet))
 }
 
 func (suite *ManifestSuite) TestReconcileDisablePSP() {

diff --git a/internal/app/machined/pkg/controllers/k8s/templates.go b/internal/app/machined/pkg/controllers/k8s/templates.go
@@ -515,7 +515,7 @@ data:
   cni-conf.json: |
     {
       "name": "cbr0",
-      "cniVersion": "0.3.1",
+      "cniVersion": "1.0.0",
       "plugins": [
         {
           "type": "flannel",
@@ -534,14 +534,19 @@ data:
     }
   net-conf.json: |
     {
+      {{- $hasIPv4 := false }}
       {{- range $cidr := .PodCIDRs }}
         {{- if contains $cidr "." }}
+        {{- $hasIPv4 = true }}
       "Network": "{{ $cidr }}",
         {{- else }}
-      "IPv6Network" : "{{ $cidr }}",
-      "EnableIPv6" : true,
+      "IPv6Network": "{{ $cidr }}",
+      "EnableIPv6": true,
         {{- end }}
       {{- end }}
+      {{- if not $hasIPv4 }}
+      "EnableIPv4": false,
+      {{- end }}
       "Backend": {
         "Type": "vxlan",
         "Port": 4789