fix: add dual-stack support for kubelet node-ip

Author: mikn

bottlerocket-settings-models/modeled-types/src/kubernetes.rs

@@ -1315,6 +1315,191 @@ mod test_cluster_dns_ip {
     }
 }
 
+// =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=
+
+/// KubernetesNodeIp represents the --node-ip setting for kubelet.
+///
+/// This model allows the value to be either a single IP (IPv4 or IPv6) or a
+/// dual-stack format (IPv4,IPv6) for bare metal dual-stack nodes.
+#[derive(Debug, Clone, Eq, PartialEq, Hash)]
+pub struct KubernetesNodeIp {
+    inner: String,
+}
+
+impl KubernetesNodeIp {
+    /// Returns the IP addresses as a comma-separated string
+    pub fn as_str(&self) -> &str {
+        &self.inner
+    }
+
+    /// Returns an iterator over the IP addresses
+    pub fn iter(&self) -> impl Iterator<Item = IpAddr> + '_ {
+        self.inner.split(',').filter_map(|s| s.trim().parse().ok())
+    }
+}
+
+impl TryFrom<&str> for KubernetesNodeIp {
+    type Error = error::Error;
+
+    fn try_from(input: &str) -> Result<Self, Self::Error> {
+        let input = input.trim();
+
+        // Split by comma to check if it's dual-stack
+        let parts: Vec<&str> = input.split(',').map(|s| s.trim()).collect();
+
+        match parts.as_slice() {
+            [single_ip] => {
+                // Single IP - must be valid IPv4 or IPv6
+                single_ip
+                    .parse::<IpAddr>()
+                    .map_err(|_| error::Error::BigPattern {
+                        thing: "Kubernetes node IP".to_string(),
+                        input: input.to_string(),
+                    })?;
+            }
+            [ip1_str, ip2_str] => {
+                // Dual-stack - must be one IPv4 and one IPv6
+                let ip1 = ip1_str
+                    .parse::<IpAddr>()
+                    .map_err(|_| error::Error::BigPattern {
+                        thing: "Kubernetes node IP".to_string(),
+                        input: input.to_string(),
+                    })?;
+                let ip2 = ip2_str
+                    .parse::<IpAddr>()
+                    .map_err(|_| error::Error::BigPattern {
+                        thing: "Kubernetes node IP".to_string(),
+                        input: input.to_string(),
+                    })?;
+
+                // Ensure one is IPv4 and one is IPv6
+                let has_v4 = ip1.is_ipv4() || ip2.is_ipv4();
+                let has_v6 = ip1.is_ipv6() || ip2.is_ipv6();
+                let same_version =
+                    (ip1.is_ipv4() && ip2.is_ipv4()) || (ip1.is_ipv6() && ip2.is_ipv6());
+
+                ensure!(
+                    has_v4 && has_v6 && !same_version,
+                    error::BigPatternSnafu {
+                        thing: "Kubernetes node IP (dual-stack must have one IPv4 and one IPv6)",
+                        input
+                    }
+                );
+            }
+            _ => {
+                return Err(error::Error::BigPattern {
+                    thing: "Kubernetes node IP (must be single IP or dual-stack IPv4,IPv6)"
+                        .to_string(),
+                    input: input.to_string(),
+                });
+            }
+        }
+
+        Ok(KubernetesNodeIp {
+            inner: input.to_string(),
+        })
+    }
+}
+
+impl Display for KubernetesNodeIp {
+    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+        write!(f, "{}", self.inner)
+    }
+}
+
+impl Serialize for KubernetesNodeIp {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        serializer.serialize_str(&self.inner)
+    }
+}
+
+impl<'de> Deserialize<'de> for KubernetesNodeIp {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        let s = String::deserialize(deserializer)?;
+        KubernetesNodeIp::try_from(s.as_str()).map_err(serde::de::Error::custom)
+    }
+}
+
+#[cfg(test)]
+mod test_kubernetes_node_ip {
+    use super::KubernetesNodeIp;
+    use std::convert::TryFrom;
+
+    #[test]
+    fn test_single_ipv4() {
+        let node_ip = KubernetesNodeIp::try_from("192.168.1.1").unwrap();
+        assert_eq!(node_ip.as_str(), "192.168.1.1");
+    }
+
+    #[test]
+    fn test_single_ipv6() {
+        let node_ip = KubernetesNodeIp::try_from("2001:db8::1").unwrap();
+        assert_eq!(node_ip.as_str(), "2001:db8::1");
+    }
+
+    #[test]
+    fn test_dual_stack_ipv4_ipv6() {
+        let node_ip = KubernetesNodeIp::try_from("192.168.1.1,2001:db8::1").unwrap();
+        assert_eq!(node_ip.as_str(), "192.168.1.1,2001:db8::1");
+    }
+
+    #[test]
+    fn test_dual_stack_ipv6_ipv4() {
+        let node_ip = KubernetesNodeIp::try_from("2001:db8::1,192.168.1.1").unwrap();
+        assert_eq!(node_ip.as_str(), "2001:db8::1,192.168.1.1");
+    }
+
+    #[test]
+    fn test_dual_stack_with_spaces() {
+        let node_ip = KubernetesNodeIp::try_from("192.168.1.1, 2001:db8::1").unwrap();
+        assert_eq!(node_ip.as_str(), "192.168.1.1, 2001:db8::1");
+    }
+
+    #[test]
+    fn test_invalid_single_ip() {
+        assert!(KubernetesNodeIp::try_from("invalid").is_err());
+    }
+
+    #[test]
+    fn test_invalid_dual_stack_same_version_v4() {
+        // Both IPv4 should fail
+        assert!(KubernetesNodeIp::try_from("192.168.1.1,10.0.0.1").is_err());
+    }
+
+    #[test]
+    fn test_invalid_dual_stack_same_version_v6() {
+        // Both IPv6 should fail
+        assert!(KubernetesNodeIp::try_from("2001:db8::1,2001:db8::2").is_err());
+    }
+
+    #[test]
+    fn test_invalid_too_many_ips() {
+        assert!(KubernetesNodeIp::try_from("192.168.1.1,2001:db8::1,10.0.0.1").is_err());
+    }
+
+    #[test]
+    fn test_serde_single_ipv4() {
+        let json = r#""192.168.1.1""#;
+        let node_ip: KubernetesNodeIp = serde_json::from_str(json).unwrap();
+        assert_eq!(node_ip.as_str(), "192.168.1.1");
+        assert_eq!(serde_json::to_string(&node_ip).unwrap(), json);
+    }
+
+    #[test]
+    fn test_serde_dual_stack() {
+        let json = r#""192.168.1.1,2001:db8::1""#;
+        let node_ip: KubernetesNodeIp = serde_json::from_str(json).unwrap();
+        assert_eq!(node_ip.as_str(), "192.168.1.1,2001:db8::1");
+        assert_eq!(serde_json::to_string(&node_ip).unwrap(), json);
+    }
+}
+
 type EnvVarMap = HashMap<SingleLineString, SingleLineString>;
 
 /// CredentialProvider contains the settings for a credential provider for use

bottlerocket-settings-models/settings-extensions/kubernetes/src/lib.rs

@@ -6,17 +6,16 @@ use bottlerocket_modeled_types::{
     KubernetesCloudProvider, KubernetesClusterDnsIp, KubernetesClusterName,
     KubernetesDurationValue, KubernetesEvictionKey, KubernetesHostnameOverrideSource,
     KubernetesLabelKey, KubernetesLabelValue, KubernetesMemoryManagerPolicy,
-    KubernetesMemoryReservation, KubernetesMemorySwapBehavior, KubernetesQuantityValue,
-    KubernetesReservedResourceKey, KubernetesTaintValue, KubernetesThresholdValue,
-    NonNegativeInteger, SingleLineString, TopologyManagerPolicy, TopologyManagerScope, Url,
-    ValidBase64, ValidLinuxHostname,
+    KubernetesMemoryReservation, KubernetesMemorySwapBehavior, KubernetesNodeIp,
+    KubernetesQuantityValue, KubernetesReservedResourceKey, KubernetesTaintValue,
+    KubernetesThresholdValue, NonNegativeInteger, SingleLineString, TopologyManagerPolicy,
+    TopologyManagerScope, Url, ValidBase64, ValidLinuxHostname,
 };
 use bottlerocket_settings_sdk::{GenerateResult, SettingsModel};
 
 use self::de::deserialize_node_taints;
 use std::collections::HashMap;
 use std::convert::Infallible;
-use std::net::IpAddr;
 
 mod de;
 
@@ -93,7 +92,7 @@ pub struct KubernetesSettingsV1 {
     max_pods: u32,
     cluster_dns_ip: KubernetesClusterDnsIp,
     cluster_domain: DNSDomain,
-    node_ip: IpAddr,
+    node_ip: KubernetesNodeIp,
     pod_infra_container_image: SingleLineString,
     hostname_override: ValidLinuxHostname,
 }