From a9afdac9cd2f3de6f6914155d9e0ee9b241178db Mon Sep 17 00:00:00 2001 From: Kubermatic Bot <41968677+kubermatic-bot@users.noreply.github.com> Date: Wed, 12 Jul 2023 14:44:36 +0200 Subject: [PATCH] Enable IPv6 forwarding in default OSPs (#299) Signed-off-by: Waleed Malik Co-authored-by: Waleed Malik --- deploy/osps/default/osp-amzn2.yaml | 9 ++++++++- deploy/osps/default/osp-centos.yaml | 9 ++++++++- deploy/osps/default/osp-flatcar-cloud-init.yaml | 9 ++++++++- deploy/osps/default/osp-flatcar.yaml | 9 ++++++++- deploy/osps/default/osp-rhel.yaml | 9 ++++++++- deploy/osps/default/osp-rockylinux.yaml | 9 ++++++++- deploy/osps/default/osp-ubuntu.yaml | 9 ++++++++- .../osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml | 17 ++++++++--------- .../osc/testdata/osc-ubuntu-aws-dualstack.yaml | 17 ++++++++--------- ...tu-aws-dualstack-IPv6+IPv4-provisioning.yaml | 2 +- ...ecret-ubuntu-aws-dualstack-provisioning.yaml | 2 +- 11 files changed, 74 insertions(+), 27 deletions(-) diff --git a/deploy/osps/default/osp-amzn2.yaml b/deploy/osps/default/osp-amzn2.yaml index f6feecce..007402b7 100644 --- a/deploy/osps/default/osp-amzn2.yaml +++ b/deploy/osps/default/osp-amzn2.yaml @@ -20,7 +20,7 @@ metadata: spec: osName: "amzn2" osVersion: "2.0" - version: "v1.3.0" + version: "v1.3.1" provisioningUtility: "cloud-init" supportedCloudProviders: - name: "aws" @@ -415,6 +415,13 @@ spec: kernel.panic_on_oops = 1 kernel.panic = 10 net.ipv4.ip_forward = 1 + {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }} + net.ipv6.conf.all.forwarding = 1 + # Configure Linux to accept router advertisements to ensure the default + # IPv6 route is not removed from the routing table when the Docker service starts. + # For more information: https://github.com/docker/for-linux/issues/844 + net.ipv6.conf.all.accept_ra = 2 + {{- end }} vm.overcommit_memory = 1 fs.inotify.max_user_watches = 1048576 fs.inotify.max_user_instances = 8192 
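Review bot: `net.ipv6.conf.all.accept_ra = 2` in the added sysctl block makes the node accept Router Advertisements even though forwarding is enabled just above it, and the `all` scope does not restrict that to the uplink interface. On a segment without RA filtering, any host that can send RAs could influence the node's default IPv6 route, so the setting depends on network-level controls that the OSP neither enforces nor mentions. Consider scoping the key to the primary interface (and confirming that the `all` value actually reaches it on the supported kernels), or at least extend the comment with `# Assumes the provider network filters rogue router advertisements (RA guard or equivalent).` The same block is added in the osp-centos, osp-flatcar-cloud-init, osp-flatcar, osp-rhel, osp-rockylinux and osp-ubuntu hunks.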
diff --git a/deploy/osps/default/osp-centos.yaml b/deploy/osps/default/osp-centos.yaml index 3a6166f7..f6b48f7b 100644 --- a/deploy/osps/default/osp-centos.yaml +++ b/deploy/osps/default/osp-centos.yaml @@ -20,7 +20,7 @@ metadata: spec: osName: "centos" osVersion: "7.7" - version: "v1.3.0" + version: "v1.3.1" provisioningUtility: "cloud-init" supportedCloudProviders: - name: "alibaba" @@ -437,6 +437,13 @@ spec: kernel.panic_on_oops = 1 kernel.panic = 10 net.ipv4.ip_forward = 1 + {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }} + net.ipv6.conf.all.forwarding = 1 + # Configure Linux to accept router advertisements to ensure the default + # IPv6 route is not removed from the routing table when the Docker service starts. + # For more information: https://github.com/docker/for-linux/issues/844 + net.ipv6.conf.all.accept_ra = 2 + {{- end }} vm.overcommit_memory = 1 fs.inotify.max_user_watches = 1048576 fs.inotify.max_user_instances = 8192 diff --git a/deploy/osps/default/osp-flatcar-cloud-init.yaml b/deploy/osps/default/osp-flatcar-cloud-init.yaml index df8380fa..a96740ce 100644 --- a/deploy/osps/default/osp-flatcar-cloud-init.yaml +++ b/deploy/osps/default/osp-flatcar-cloud-init.yaml @@ -21,7 +21,7 @@ spec: osName: flatcar ## Flatcar Stable (09/11/2021) osVersion: "2983.2.0" - version: "v1.3.0" + version: "v1.3.1" provisioningUtility: "cloud-init" supportedCloudProviders: - name: "anexia" 
@@ -421,6 +421,13 @@ spec: kernel.panic_on_oops = 1 kernel.panic = 10 net.ipv4.ip_forward = 1 + {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }} + net.ipv6.conf.all.forwarding = 1 + # Configure Linux to accept router advertisements to ensure the default + # IPv6 route is not removed from the routing table when the Docker service starts. + # For more information: https://github.com/docker/for-linux/issues/844 + net.ipv6.conf.all.accept_ra = 2 + {{- end }} vm.overcommit_memory = 1 fs.inotify.max_user_watches = 1048576 fs.inotify.max_user_instances = 8192 diff --git a/deploy/osps/default/osp-flatcar.yaml b/deploy/osps/default/osp-flatcar.yaml index ef4b3db0..494cfd23 100644 --- a/deploy/osps/default/osp-flatcar.yaml +++ b/deploy/osps/default/osp-flatcar.yaml @@ -21,7 +21,7 @@ spec: osName: flatcar ## Flatcar Stable (09/11/2021) osVersion: "2983.2.0" - version: "v1.3.0" + version: "v1.3.1" provisioningUtility: "ignition" supportedCloudProviders: - name: "aws" @@ -411,6 +411,13 @@ spec: kernel.panic_on_oops = 1 kernel.panic = 10 net.ipv4.ip_forward = 1 + {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }} + net.ipv6.conf.all.forwarding = 1 + # Configure Linux to accept router advertisements to ensure the default + # IPv6 route is not removed from the routing table when the Docker service starts. + # For more information: https://github.com/docker/for-linux/issues/844 + net.ipv6.conf.all.accept_ra = 2 + {{- end }} vm.overcommit_memory = 1 fs.inotify.max_user_watches = 1048576 fs.inotify.max_user_instances = 8192 diff --git a/deploy/osps/default/osp-rhel.yaml b/deploy/osps/default/osp-rhel.yaml index a6424531..819dbbb7 100644 --- a/deploy/osps/default/osp-rhel.yaml +++ b/deploy/osps/default/osp-rhel.yaml 
@@ -20,7 +20,7 @@ metadata: spec: osName: "rhel" osVersion: "8.5" - version: "v1.3.0" + version: "v1.3.1" provisioningUtility: "cloud-init" supportedCloudProviders: - name: "aws" @@ -427,6 +427,13 @@ spec: kernel.panic_on_oops = 1 kernel.panic = 10 net.ipv4.ip_forward = 1 + {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }} + net.ipv6.conf.all.forwarding = 1 + # Configure Linux to accept router advertisements to ensure the default + # IPv6 route is not removed from the routing table when the Docker service starts. + # For more information: https://github.com/docker/for-linux/issues/844 + net.ipv6.conf.all.accept_ra = 2 + {{- end }} vm.overcommit_memory = 1 fs.inotify.max_user_watches = 1048576 fs.inotify.max_user_instances = 8192 diff --git a/deploy/osps/default/osp-rockylinux.yaml b/deploy/osps/default/osp-rockylinux.yaml index a50ffe78..d1795ceb 100644 --- a/deploy/osps/default/osp-rockylinux.yaml +++ b/deploy/osps/default/osp-rockylinux.yaml @@ -20,7 +20,7 @@ metadata: spec: osName: "rockylinux" osVersion: "8.6" - version: "v1.3.0" + version: "v1.3.1" provisioningUtility: "cloud-init" supportedCloudProviders: - name: "aws" @@ -431,6 +431,13 @@ spec: kernel.panic_on_oops = 1 kernel.panic = 10 net.ipv4.ip_forward = 1 + {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }} + net.ipv6.conf.all.forwarding = 1 + # Configure Linux to accept router advertisements to ensure the default + # IPv6 route is not removed from the routing table when the Docker service starts. + # For more information: https://github.com/docker/for-linux/issues/844 + net.ipv6.conf.all.accept_ra = 2 + {{- end }} vm.overcommit_memory = 1 fs.inotify.max_user_watches = 1048576 fs.inotify.max_user_instances = 8192 diff --git a/deploy/osps/default/osp-ubuntu.yaml b/deploy/osps/default/osp-ubuntu.yaml index 17bcc38d..08235aa9 100644 --- a/deploy/osps/default/osp-ubuntu.yaml 
+++ b/deploy/osps/default/osp-ubuntu.yaml @@ -20,7 +20,7 @@ metadata: spec: osName: "ubuntu" osVersion: "20.04" - version: "v1.3.0" + version: "v1.3.1" provisioningUtility: "cloud-init" supportedCloudProviders: - name: "alibaba" @@ -451,6 +451,13 @@ spec: kernel.panic_on_oops = 1 kernel.panic = 10 net.ipv4.ip_forward = 1 + {{- if or (eq .NetworkIPFamily "IPv4+IPv6") (eq .NetworkIPFamily "IPv6+IPv4") (eq .NetworkIPFamily "IPv6") }} + net.ipv6.conf.all.forwarding = 1 + # Configure Linux to accept router advertisements to ensure the default + # IPv6 route is not removed from the routing table when the Docker service starts. + # For more information: https://github.com/docker/for-linux/issues/844 + net.ipv6.conf.all.accept_ra = 2 + {{- end }} vm.overcommit_memory = 1 fs.inotify.max_user_watches = 1048576 fs.inotify.max_user_instances = 8192 diff --git a/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml b/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml index 39721699..5035e24c 100644 --- a/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml +++ b/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack-IPv6+IPv4.yaml 
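Review bot: The added `net.ipv6.conf.all.accept_ra` line appears to separate the key from `=` with tab characters, judging by the `accept_ra\t\t= 2` in the regenerated osc-ubuntu-aws-dualstack testdata. That is probably why both golden files switched from a readable `data: |` block to a single escaped double-quoted string, which makes later changes to the rendered `/etc/sysctl.d/k8s.conf` harder to review. Using single spaces like the neighbouring entries, `net.ipv6.conf.all.accept_ra = 2`, should restore the block form. Whitespace is collapsed in this view of the hunk, so check the template itself; the same line is added in the other six OSP hunks.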
@@ -229,15 +229,14 @@ spec: permissions: 755 - content: inline: - data: | - net.bridge.bridge-nf-call-ip6tables = 1 - net.bridge.bridge-nf-call-iptables = 1 - kernel.panic_on_oops = 1 - kernel.panic = 10 - net.ipv4.ip_forward = 1 - vm.overcommit_memory = 1 - fs.inotify.max_user_watches = 1048576 - fs.inotify.max_user_instances = 8192 + data: "net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables + = 1\nkernel.panic_on_oops = 1\nkernel.panic = 10\nnet.ipv4.ip_forward + = 1\nnet.ipv6.conf.all.forwarding = 1\n# Configure Linux to accept router + advertisements to ensure the default\n# IPv6 route is not removed from + the routing table when the Docker service starts.\n# For more information: + https://github.com/docker/for-linux/issues/844\nnet.ipv6.conf.all.accept_ra\t\t= + 2\nvm.overcommit_memory = 1\nfs.inotify.max_user_watches = 1048576\nfs.inotify.max_user_instances + = 8192\n" encoding: b64 path: /etc/sysctl.d/k8s.conf permissions: 644 diff --git a/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack.yaml b/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack.yaml index db88283f..d929c559 100644 --- a/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack.yaml +++ b/pkg/controllers/osc/testdata/osc-ubuntu-aws-dualstack.yaml 
@@ -229,15 +229,14 @@ spec: permissions: 755 - content: inline: - data: | - net.bridge.bridge-nf-call-ip6tables = 1 - net.bridge.bridge-nf-call-iptables = 1 - kernel.panic_on_oops = 1 - kernel.panic = 10 - net.ipv4.ip_forward = 1 - vm.overcommit_memory = 1 - fs.inotify.max_user_watches = 1048576 - fs.inotify.max_user_instances = 8192 + data: "net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables + = 1\nkernel.panic_on_oops = 1\nkernel.panic = 10\nnet.ipv4.ip_forward + = 1\nnet.ipv6.conf.all.forwarding = 1\n# Configure Linux to accept router + advertisements to ensure the default\n# IPv6 route is not removed from + the routing table when the Docker service starts.\n# For more information: + https://github.com/docker/for-linux/issues/844\nnet.ipv6.conf.all.accept_ra\t\t= + 2\nvm.overcommit_memory = 1\nfs.inotify.max_user_watches = 1048576\nfs.inotify.max_user_instances + = 8192\n" encoding: b64 path: /etc/sysctl.d/k8s.conf permissions: 644 diff --git a/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-IPv6+IPv4-provisioning.yaml b/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-IPv6+IPv4-provisioning.yaml index b4d444a7..5a74b1a6 100644 --- a/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-IPv6+IPv4-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-IPv6+IPv4-provisioning.yaml @@ -1,6 +1,6 @@ apiVersion: v1 data: - cloud-config:  + cloud-config:  immutable: true kind: Secret metadata: diff --git a/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-provisioning.yaml b/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-provisioning.yaml index aaec17b2..c4267ba8 100644 --- a/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-ubuntu-aws-dualstack-provisioning.yaml @@ -1,6 +1,6 @@ apiVersion: v1 data: - cloud-config:  + cloud-config:  immutable: true kind: Secret metadata: