ipv6 fixes

2025-11-01 18:58:39 +00:00 · 2023-01-18 19:00:38 +02:00
parent 3b5e26a00e
commit 5162eb943a
6 changed files with 37 additions and 24 deletions
--- a/azure/README.md
+++ b/azure/README.md
@@ -37,7 +37,3 @@ az ad sp create-for-rbac --name "kubernetes-csi" --role kubernetes-csi --scopes=
 * [metrics-server](https://github.com/kubernetes-sigs/metrics-server) 0.5.0
 * [rancher.io/local-path](https://github.com/rancher/local-path-provisioner) 0.0.19
 * [ingress-nginx](https://kubernetes.github.io/ingress-nginx/) 4.4.2
-
-
-TODO:
-* ipv6 route
--- a/azure/deployments/test-as.yaml
+++ b/azure/deployments/test-as.yaml
@@ -24,12 +24,6 @@ spec:
      nodeSelector:
        project.io/node-pool: web
      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                  - key: node.kubernetes.io/instance-type
-                    operator: Exists
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
--- a/azure/prepare/network.tf
+++ b/azure/prepare/network.tf
@@ -63,27 +63,36 @@ resource "azurerm_virtual_network_peering" "peering" {
  allow_gateway_transit        = false
 }

-resource "azurerm_route_table" "link" {
-  for_each            = { for idx, name in var.regions : name => idx if try(var.capabilities[name].network_gw_enable, false) }
+resource "azurerm_route_table" "main" {
+  for_each            = { for idx, name in var.regions : name => idx }
  location            = each.key
-  name                = "link-${each.key}"
+  name                = "main-${each.key}"
  resource_group_name = var.resource_group

  dynamic "route" {
-    for_each = range(0, length(var.network_cidr))
+    for_each = [for cidr in azurerm_virtual_network.main[each.key].address_space : cidr if length(split(".", cidr)) == 1]

    content {
-      name                   = "link-${each.key}-v${length(split(".", var.network_cidr[route.value])) > 1 ? "4" : "6"}"
+      name           = "main-${each.key}-local-v6"
+      address_prefix = route.value
+      next_hop_type  = "VnetLocal"
+    }
+  }
+  dynamic "route" {
+    for_each = try(var.capabilities[each.key].network_gw_enable, false) ? range(0, length(var.network_cidr)) : []
+
+    content {
+      name                   = "main-${each.key}-route-v${length(split(".", var.network_cidr[route.value])) > 1 ? "4" : "6"}"
      address_prefix         = var.network_cidr[route.value]
      next_hop_type          = "VirtualAppliance"
      next_hop_in_ip_address = azurerm_network_interface.router[each.key].private_ip_addresses[route.value]
    }
  }
  dynamic "route" {
-    for_each = [for ip in azurerm_network_interface.router[each.key].private_ip_addresses : ip if length(split(".", ip)) == 1]
+    for_each = try(var.capabilities[each.key].network_gw_enable, false) ? [for ip in azurerm_network_interface.router[each.key].private_ip_addresses : ip if length(split(".", ip)) == 1] : []

    content {
-      name                   = "link-${each.key}-default-v6"
+      name                   = "main-${each.key}-default-v6"
      address_prefix         = "::/0"
      next_hop_type          = "VirtualAppliance"
      next_hop_in_ip_address = route.value
@@ -94,19 +103,19 @@ resource "azurerm_route_table" "link" {
 }

 resource "azurerm_subnet_route_table_association" "controlplane" {
-  for_each       = { for idx, name in var.regions : name => idx if try(var.capabilities[name].network_gw_enable, false) }
+  for_each       = { for idx, name in var.regions : name => idx }
  subnet_id      = azurerm_subnet.controlplane[each.key].id
-  route_table_id = azurerm_route_table.link[each.key].id
+  route_table_id = azurerm_route_table.main[each.key].id
 }

 resource "azurerm_subnet_route_table_association" "public" {
-  for_each       = { for idx, name in var.regions : name => idx if try(var.capabilities[name].network_gw_enable, false) }
+  for_each       = { for idx, name in var.regions : name => idx }
  subnet_id      = azurerm_subnet.public[each.key].id
-  route_table_id = azurerm_route_table.link[each.key].id
+  route_table_id = azurerm_route_table.main[each.key].id
 }

 resource "azurerm_subnet_route_table_association" "private" {
-  for_each       = { for idx, name in var.regions : name => idx if try(var.capabilities[name].network_gw_enable, false) }
+  for_each       = { for idx, name in var.regions : name => idx }
  subnet_id      = azurerm_subnet.private[each.key].id
-  route_table_id = azurerm_route_table.link[each.key].id
+  route_table_id = azurerm_route_table.main[each.key].id
 }
--- a/azure/prepare/versions.tf
+++ b/azure/prepare/versions.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~> 3.36.0"
+      version = "~> 3.39.1"
    }
  }
  required_version = ">= 1.2"
--- a/azure/templates/controlplane.yaml.tpl
+++ b/azure/templates/controlplane.yaml.tpl
@@ -23,6 +23,13 @@ machine:
  network:
    hostname: "${name}"
    interfaces:
+      - interface: eth0
+        dhcp: true
+        dhcpOptions:
+          ipv6: true
+        routes:
+          - network: ::/0
+            gateway: fe80::1234:5678:9abc
      - interface: lo
        addresses: ${format("%#v",ipAliases)}
      - interface: dummy0
--- a/azure/templates/worker.yaml.tpl
+++ b/azure/templates/worker.yaml.tpl
@@ -18,6 +18,13 @@ machine:
      - ${cidrhost(split(",",serviceSubnets)[0], 10)}
  network:
    interfaces:
+      - interface: eth0
+        dhcp: true
+        dhcpOptions:
+          ipv6: true
+        routes:
+          - network: ::/0
+            gateway: fe80::1234:5678:9abc
      - interface: dummy0
        addresses:
          - 169.254.2.53/32