Enable IPv6 forwarding in default OSPs (#299)

Signed-off-by: Waleed Malik <[email protected]>
Co-authored-by: Waleed Malik <[email protected]>

deploy/osps/default/osp-amzn2.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "amzn2"
   osVersion: "2.0"
-  version: "v1.3.0"
+  version: "v1.3.1"
   provisioningUtility: "cloud-init"
   supportedCloudProviders:
     - name: "aws"
@@ -415,6 +415,13 @@ spec:
               kernel.panic_on_oops = 1
               kernel.panic = 10
               net.ipv4.ip_forward = 1
+              {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }}
+              net.ipv6.conf.all.forwarding = 1
+              # Configure Linux to accept router advertisements to ensure the default
+              # IPv6 route is not removed from the routing table when the Docker service starts.
+              # For more information: https://github.com/docker/for-linux/issues/844
+              net.ipv6.conf.all.accept_ra		= 2
+              {{- end }}
               vm.overcommit_memory = 1
               fs.inotify.max_user_watches = 1048576
               fs.inotify.max_user_instances = 8192

deploy/osps/default/osp-centos.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "centos"
   osVersion: "7.7"
-  version: "v1.3.0"
+  version: "v1.3.1"
   provisioningUtility: "cloud-init"
   supportedCloudProviders:
     - name: "alibaba"
@@ -437,6 +437,13 @@ spec:
               kernel.panic_on_oops = 1
               kernel.panic = 10
               net.ipv4.ip_forward = 1
+              {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }}
+              net.ipv6.conf.all.forwarding = 1
+              # Configure Linux to accept router advertisements to ensure the default
+              # IPv6 route is not removed from the routing table when the Docker service starts.
+              # For more information: https://github.com/docker/for-linux/issues/844
+              net.ipv6.conf.all.accept_ra		= 2
+              {{- end }}
               vm.overcommit_memory = 1
               fs.inotify.max_user_watches = 1048576
               fs.inotify.max_user_instances = 8192

deploy/osps/default/osp-flatcar-cloud-init.yaml

@@ -21,7 +21,7 @@ spec:
   osName: flatcar
   ## Flatcar Stable (09/11/2021)
   osVersion: "2983.2.0"
-  version: "v1.3.0"
+  version: "v1.3.1"
   provisioningUtility: "cloud-init"
   supportedCloudProviders:
     - name: "anexia"
@@ -421,6 +421,13 @@ spec:
               kernel.panic_on_oops = 1
               kernel.panic = 10
               net.ipv4.ip_forward = 1
+              {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }}
+              net.ipv6.conf.all.forwarding = 1
+              # Configure Linux to accept router advertisements to ensure the default
+              # IPv6 route is not removed from the routing table when the Docker service starts.
+              # For more information: https://github.com/docker/for-linux/issues/844
+              net.ipv6.conf.all.accept_ra		= 2
+              {{- end }}
               vm.overcommit_memory = 1
               fs.inotify.max_user_watches = 1048576
               fs.inotify.max_user_instances = 8192

deploy/osps/default/osp-flatcar.yaml

@@ -21,7 +21,7 @@ spec:
   osName: flatcar
   ## Flatcar Stable (09/11/2021)
   osVersion: "2983.2.0"
-  version: "v1.3.0"
+  version: "v1.3.1"
   provisioningUtility: "ignition"
   supportedCloudProviders:
     - name: "aws"
@@ -411,6 +411,13 @@ spec:
               kernel.panic_on_oops = 1
               kernel.panic = 10
               net.ipv4.ip_forward = 1
+              {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }}
+              net.ipv6.conf.all.forwarding = 1
+              # Configure Linux to accept router advertisements to ensure the default
+              # IPv6 route is not removed from the routing table when the Docker service starts.
+              # For more information: https://github.com/docker/for-linux/issues/844
+              net.ipv6.conf.all.accept_ra		= 2
+              {{- end }}
               vm.overcommit_memory = 1
               fs.inotify.max_user_watches = 1048576
               fs.inotify.max_user_instances = 8192

deploy/osps/default/osp-rhel.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "rhel"
   osVersion: "8.5"
-  version: "v1.3.0"
+  version: "v1.3.1"
   provisioningUtility: "cloud-init"
   supportedCloudProviders:
     - name: "aws"
@@ -427,6 +427,13 @@ spec:
               kernel.panic_on_oops = 1
               kernel.panic = 10
               net.ipv4.ip_forward = 1
+              {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }}
+              net.ipv6.conf.all.forwarding = 1
+              # Configure Linux to accept router advertisements to ensure the default
+              # IPv6 route is not removed from the routing table when the Docker service starts.
+              # For more information: https://github.com/docker/for-linux/issues/844
+              net.ipv6.conf.all.accept_ra		= 2
+              {{- end }}
               vm.overcommit_memory = 1
               fs.inotify.max_user_watches = 1048576
               fs.inotify.max_user_instances = 8192

deploy/osps/default/osp-rockylinux.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "rockylinux"
   osVersion: "8.6"
-  version: "v1.3.0"
+  version: "v1.3.1"
   provisioningUtility: "cloud-init"
   supportedCloudProviders:
     - name: "aws"
@@ -431,6 +431,13 @@ spec:
               kernel.panic_on_oops = 1
               kernel.panic = 10
               net.ipv4.ip_forward = 1
+              {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }}
+              net.ipv6.conf.all.forwarding = 1
+              # Configure Linux to accept router advertisements to ensure the default
+              # IPv6 route is not removed from the routing table when the Docker service starts.
+              # For more information: https://github.com/docker/for-linux/issues/844
+              net.ipv6.conf.all.accept_ra		= 2
+              {{- end }}
               vm.overcommit_memory = 1
               fs.inotify.max_user_watches = 1048576
               fs.inotify.max_user_instances = 8192

deploy/osps/default/osp-ubuntu.yaml

@@ -20,7 +20,7 @@ metadata:
 spec:
   osName: "ubuntu"
   osVersion: "20.04"
-  version: "v1.3.0"
+  version: "v1.3.1"
   provisioningUtility: "cloud-init"
   supportedCloudProviders:
     - name: "alibaba"
@@ -451,6 +451,13 @@ spec:
               kernel.panic_on_oops = 1
               kernel.panic = 10
               net.ipv4.ip_forward = 1
+              {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }}
+              net.ipv6.conf.all.forwarding = 1
+              # Configure Linux to accept router advertisements to ensure the default
+              # IPv6 route is not removed from the routing table when the Docker service starts.
+              # For more information: https://github.com/docker/for-linux/issues/844
+              net.ipv6.conf.all.accept_ra		= 2
+              {{- end }}
               vm.overcommit_memory = 1
               fs.inotify.max_user_watches = 1048576
               fs.inotify.max_user_instances = 8192

pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml

@@ -229,15 +229,14 @@ spec:
       permissions: 755
     - content:
         inline:
-          data: |
-            net.bridge.bridge-nf-call-ip6tables = 1
-            net.bridge.bridge-nf-call-iptables = 1
-            kernel.panic_on_oops = 1
-            kernel.panic = 10
-            net.ipv4.ip_forward = 1
-            vm.overcommit_memory = 1
-            fs.inotify.max_user_watches = 1048576
-            fs.inotify.max_user_instances = 8192
+          data: "net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables
+            = 1\nkernel.panic_on_oops = 1\nkernel.panic = 10\nnet.ipv4.ip_forward
+            = 1\nnet.ipv6.conf.all.forwarding = 1\n# Configure Linux to accept router
+            advertisements to ensure the default\n# IPv6 route is not removed from
+            the routing table when the Docker service starts.\n# For more information:
+            https://github.com/docker/for-linux/issues/844\nnet.ipv6.conf.all.accept_ra\t\t=
+            2\nvm.overcommit_memory = 1\nfs.inotify.max_user_watches = 1048576\nfs.inotify.max_user_instances
+            = 8192\n"
           encoding: b64
       path: /etc/sysctl.d/k8s.conf
       permissions: 644

pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack.yaml

@@ -229,15 +229,14 @@ spec:
       permissions: 755
     - content:
         inline:
-          data: |
-            net.bridge.bridge-nf-call-ip6tables = 1
-            net.bridge.bridge-nf-call-iptables = 1
-            kernel.panic_on_oops = 1
-            kernel.panic = 10
-            net.ipv4.ip_forward = 1
-            vm.overcommit_memory = 1
-            fs.inotify.max_user_watches = 1048576
-            fs.inotify.max_user_instances = 8192
+          data: "net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables
+            = 1\nkernel.panic_on_oops = 1\nkernel.panic = 10\nnet.ipv4.ip_forward
+            = 1\nnet.ipv6.conf.all.forwarding = 1\n# Configure Linux to accept router
+            advertisements to ensure the default\n# IPv6 route is not removed from
+            the routing table when the Docker service starts.\n# For more information:
+            https://github.com/docker/for-linux/issues/844\nnet.ipv6.conf.all.accept_ra\t\t=
+            2\nvm.overcommit_memory = 1\nfs.inotify.max_user_watches = 1048576\nfs.inotify.max_user_instances
+            = 8192\n"
           encoding: b64
       path: /etc/sysctl.d/k8s.conf
       permissions: 644