Merge pull request #3914 from Skarlso/fix_ipv6_self_managed_vpc

k8s-ci-robot · web-flow · commit 9488cb54b2db · 2022-12-08T04:06:25.000-08:00
Only enable IPv6 if it's already enabled in the config
diff --git a/docs/book/src/topics/eks/ipv6-enabled-cluster.md b/docs/book/src/topics/eks/ipv6-enabled-cluster.md
@@ -43,6 +43,21 @@ spec:
         cidrBlock: "2009:1234:ff00::/56"
 ```
 
+If you have a VPC that is IPv6 enabled and you would like to use it, please define it in the config:
+
+```yaml
+spec:
+  network:
+    vpc:
+      ipv6: {}
+```
+
+This has to be done explicitly because otherwise, it would break in the following two scenarios:
+- During an upgrade from 1.5 to >=2.0 where the VPC is ipv6 enabled, but CAPA was only recently made aware
+- During a migration on the VPC, switching it from only IPv4 to Dual Stack ( it would see that ipv6 is enabled and
+  enforce it while doing that would not have been the intention of the user )
+
+
 ### Requirements
 
 The use of a Nitro enabled instance is required. To see a list of nitro instances in your region
diff --git a/pkg/cloud/services/network/vpc.go b/pkg/cloud/services/network/vpc.go
@@ -52,7 +52,9 @@ func (s *Service) reconcileVPC() error {
 
 		s.scope.VPC().CidrBlock = vpc.CidrBlock
 		s.scope.VPC().Tags = vpc.Tags
-		s.scope.VPC().IPv6 = vpc.IPv6
+		if s.scope.VPC().IsIPv6Enabled() {
+			s.scope.VPC().IPv6 = vpc.IPv6
+		}
 
 		// If VPC is unmanaged, return early.
 		if vpc.IsUnmanaged(s.scope.Name()) {
diff --git a/pkg/cloud/services/network/vpc_test.go b/pkg/cloud/services/network/vpc_test.go
@@ -351,8 +351,13 @@ func TestReconcileVPC(t *testing.T) {
 			},
 		},
 		{
-			name:  "should set up IPv6 associations if found VPC is IPv6 enabled",
-			input: &infrav1.VPCSpec{ID: "unmanaged-vpc-exists", AvailabilityZoneUsageLimit: &usageLimit, AvailabilityZoneSelection: &selection},
+			name: "should set up IPv6 associations if found VPC is IPv6 enabled",
+			input: &infrav1.VPCSpec{
+				ID:                         "unmanaged-vpc-exists",
+				IPv6:                       &infrav1.IPv6{},
+				AvailabilityZoneUsageLimit: &usageLimit,
+				AvailabilityZoneSelection:  &selection,
+			},
 			want: &infrav1.VPCSpec{
 				ID:        "unmanaged-vpc-exists",
 				CidrBlock: "10.0.0.0/8",
