allow specifying ipv6 slaac public ranges

Author: Rahul Sharma

api/v1alpha2/linodemachine_types.go

@@ -112,6 +112,18 @@ type LinodeMachineSpec struct {
 	// +optional
 	VPCID *int `json:"vpcID,omitempty"`
 
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+	// EnableSLAAC is an option to enable SLAAC (Stateless Address Autoconfiguration) for the instance.
+	// This is useful for IPv6 addresses, allowing the instance to automatically configure its own IPv6 address.
+	// Defaults to false.
+	// +optional
+	EnableSLAAC *bool `json:"enableSLAAC,omitempty"`
+
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+	// IsPublicIPv6 is an option to enable public IPv6 for the instance.
+	// If set to true, the instance will have a publicly routable IPv6 range.
+	IsPublicIPv6 *bool `json:"isPublicIPv6,omitempty"`
+
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	// +optional
 	// NetworkHelper is an option usually enabled on account level. It helps configure networking automatically for instances.

api/v1alpha2/zz_generated.deepcopy.go

@@ -163,6 +163,15 @@ spec:
                 x-kubernetes-validations:
                 - message: Value is immutable
                   rule: self == oldSelf
+              enableSLAAC:
+                description: |-
+                  EnableSLAAC is an option to enable SLAAC (Stateless Address Autoconfiguration) for the instance.
+                  This is useful for IPv6 addresses, allowing the instance to automatically configure its own IPv6 address.
+                  Defaults to false.
+                type: boolean
+                x-kubernetes-validations:
+                - message: Value is immutable
+                  rule: self == oldSelf
               firewallID:
                 type: integer
                 x-kubernetes-validations:
@@ -264,6 +273,14 @@ spec:
                 x-kubernetes-validations:
                 - message: Value is immutable
                   rule: self == oldSelf
+              isPublicIPv6:
+                description: |-
+                  IsPublicIPv6 is an option to enable public IPv6 for the instance.
+                  If set to true, the instance will have a publicly routable IPv6 range.
+                type: boolean
+                x-kubernetes-validations:
+                - message: Value is immutable
+                  rule: self == oldSelf
               networkHelper:
                 description: |-
                   NetworkHelper is an option usually enabled on account level. It helps configure networking automatically for instances.

config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml

@@ -153,6 +153,15 @@ spec:
                         x-kubernetes-validations:
                         - message: Value is immutable
                           rule: self == oldSelf
+                      enableSLAAC:
+                        description: |-
+                          EnableSLAAC is an option to enable SLAAC (Stateless Address Autoconfiguration) for the instance.
+                          This is useful for IPv6 addresses, allowing the instance to automatically configure its own IPv6 address.
+                          Defaults to false.
+                        type: boolean
+                        x-kubernetes-validations:
+                        - message: Value is immutable
+                          rule: self == oldSelf
                       firewallID:
                         type: integer
                         x-kubernetes-validations:
@@ -256,6 +265,14 @@ spec:
                         x-kubernetes-validations:
                         - message: Value is immutable
                           rule: self == oldSelf
+                      isPublicIPv6:
+                        description: |-
+                          IsPublicIPv6 is an option to enable public IPv6 for the instance.
+                          If set to true, the instance will have a publicly routable IPv6 range.
+                        type: boolean
+                        x-kubernetes-validations:
+                        - message: Value is immutable
+                          rule: self == oldSelf
                       networkHelper:
                         description: |-
                           NetworkHelper is an option usually enabled on account level. It helps configure networking automatically for instances.

config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachinetemplates.yaml

@@ -621,6 +621,8 @@ _Appears in:_
 | `firewallRef` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#objectreference-v1-core)_ | FirewallRef is a reference to a firewall object. This makes the linode use the specified firewall. |  |  |
 | `vpcRef` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#objectreference-v1-core)_ | VPCRef is a reference to a LinodeVPC resource. If specified, this takes precedence over<br />the cluster-level VPC configuration for multi-region support. |  |  |
 | `vpcID` _integer_ | VPCID is the ID of an existing VPC in Linode. This allows using a VPC that is not managed by CAPL. |  |  |
+| `enableSLAAC` _boolean_ | EnableSLAAC is an option to enable SLAAC (Stateless Address Autoconfiguration) for the instance.<br />This is useful for IPv6 addresses, allowing the instance to automatically configure its own IPv6 address.<br />Defaults to false. |  |  |
+| `isPublicIPv6` _boolean_ | IsPublicIPv6 is an option to enable public IPv6 for the instance.<br />If set to true, the instance will have a publicly routable IPv6 range. |  |  |
 | `networkHelper` _boolean_ | NetworkHelper is an option usually enabled on account level. It helps configure networking automatically for instances.<br />You can use this to enable/disable the network helper for a specific instance.<br />For more information, see https://techdocs.akamai.com/cloud-computing/docs/automatically-configure-networking<br />Defaults to true. |  |  |
 
 

docs/src/reference/out.md

@@ -463,12 +463,12 @@ func getVPCInterfaceConfig(ctx context.Context, machineScope *scope.MachineScope
 
 	subnetName := machineScope.LinodeCluster.Spec.Network.SubnetName // name of subnet to use
 
-	var ipv6RangeConfig []linodego.InstanceConfigInterfaceCreateOptionsIPv6Range
+	var ipv6Config *linodego.InstanceConfigInterfaceCreateOptionsIPv6
 	if subnetName != "" {
 		for _, subnet := range linodeVPC.Spec.Subnets {
 			if subnet.Label == subnetName {
 				subnetID = subnet.SubnetID
-				ipv6RangeConfig = machineIPv6RangeConfig(len(subnet.IPv6))
+				ipv6Config = getMachineIPv6Config(machineScope, len(subnet.IPv6))
 				break
 			}
 		}
@@ -478,7 +478,7 @@ func getVPCInterfaceConfig(ctx context.Context, machineScope *scope.MachineScope
 		}
 	} else {
 		subnetID = linodeVPC.Spec.Subnets[0].SubnetID // get first subnet if nothing specified
-		ipv6RangeConfig = machineIPv6RangeConfig(len(linodeVPC.Spec.Subnets[0].IPv6))
+		ipv6Config = getMachineIPv6Config(machineScope, len(linodeVPC.Spec.Subnets[0].IPv6))
 	}
 
 	if subnetID == 0 {
@@ -488,10 +488,9 @@ func getVPCInterfaceConfig(ctx context.Context, machineScope *scope.MachineScope
 	for i, netInterface := range interfaces {
 		if netInterface.Purpose == linodego.InterfacePurposeVPC {
 			interfaces[i].SubnetID = &subnetID
-			if len(ipv6RangeConfig) > 0 {
-				interfaces[i].IPv6 = &linodego.InstanceConfigInterfaceCreateOptionsIPv6{
-					Ranges: ipv6RangeConfig,
-				}
+			// If IPv6 range config is not empty, add it to the interface configuration
+			if ipv6Config != nil {
+				interfaces[i].IPv6 = ipv6Config
 			}
 			return nil, nil //nolint:nilnil // it is important we don't return an interface if a VPC interface already exists
 		}
@@ -506,11 +505,9 @@ func getVPCInterfaceConfig(ctx context.Context, machineScope *scope.MachineScope
 		},
 	}
 
-	// If IPv6 range config is not empty, add it to the interface configuration
-	if len(ipv6RangeConfig) > 0 {
-		vpcIntfCreateOpts.IPv6 = &linodego.InstanceConfigInterfaceCreateOptionsIPv6{
-			Ranges: ipv6RangeConfig,
-		}
+	// If IPv6 config is not empty, add it to the interface configuration
+	if ipv6Config != nil {
+		vpcIntfCreateOpts.IPv6 = ipv6Config
 	}
 
 	return vpcIntfCreateOpts, nil
@@ -538,12 +535,12 @@ func getVPCInterfaceConfigFromDirectID(ctx context.Context, machineScope *scope.
 	}
 
 	// If subnet name specified, find matching subnet; otherwise use first subnet
-	var ipv6RangeConfig []linodego.InstanceConfigInterfaceCreateOptionsIPv6Range
+	var ipv6Config *linodego.InstanceConfigInterfaceCreateOptionsIPv6
 	if subnetName != "" {
 		for _, subnet := range vpc.Subnets {
 			if subnet.Label == subnetName {
 				subnetID = subnet.ID
-				ipv6RangeConfig = machineIPv6RangeConfig(len(subnet.IPv6))
+				ipv6Config = getMachineIPv6Config(machineScope, len(subnet.IPv6))
 				break
 			}
 		}
@@ -552,17 +549,15 @@ func getVPCInterfaceConfigFromDirectID(ctx context.Context, machineScope *scope.
 		}
 	} else {
 		subnetID = vpc.Subnets[0].ID
-		ipv6RangeConfig = machineIPv6RangeConfig(len(vpc.Subnets[0].IPv6))
+		ipv6Config = getMachineIPv6Config(machineScope, len(vpc.Subnets[0].IPv6))
 	}
 
 	// Check if a VPC interface already exists
 	for i, netInterface := range interfaces {
 		if netInterface.Purpose == linodego.InterfacePurposeVPC {
 			interfaces[i].SubnetID = &subnetID
-			if len(ipv6RangeConfig) > 0 {
-				interfaces[i].IPv6 = &linodego.InstanceConfigInterfaceCreateOptionsIPv6{
-					Ranges: ipv6RangeConfig,
-				}
+			if ipv6Config != nil {
+				interfaces[i].IPv6 = ipv6Config
 			}
 			return nil, nil //nolint:nilnil // it is important we don't return an interface if a VPC interface already exists
 		}
@@ -579,27 +574,45 @@ func getVPCInterfaceConfigFromDirectID(ctx context.Context, machineScope *scope.
 	}
 
 	// If IPv6 range config is not empty, add it to the interface configuration
-	if len(ipv6RangeConfig) > 0 {
-		vpcIntfCreateOpts.IPv6 = &linodego.InstanceConfigInterfaceCreateOptionsIPv6{
-			Ranges: ipv6RangeConfig,
-		}
+	if ipv6Config != nil {
+		vpcIntfCreateOpts.IPv6 = ipv6Config
 	}
 
 	return vpcIntfCreateOpts, nil
 }
 
-// machineIPv6RangeConfig returns the IPv6 range configuration if subnet has IPv6 ranges.
+// getMachineIPv6Config returns the IPv6 configuration if subnet has IPv6 ranges.
 // For now, we support only a single IPv6 range for machine per subnet.
-// If this changes, we may need to adjust this logic.
-func machineIPv6RangeConfig(numIPv6RangesInSubnet int) []linodego.InstanceConfigInterfaceCreateOptionsIPv6Range {
+// If SLAAC is enabled, we create an IPv6 configuration with the SLAAC range.
+// If SLAAC is not enabled, we create an IPv6 configuration with the default range.
+// If no IPv6 ranges are available in the subnet, it returns nil.
+// If `IsPublicIPv6` is set, it will be used to determine if the IPv6 range should be publicly routable or not.
+func getMachineIPv6Config(machineScope *scope.MachineScope, numIPv6RangesInSubnet int) *linodego.InstanceConfigInterfaceCreateOptionsIPv6 {
 	if numIPv6RangesInSubnet == 0 {
-		return nil // No IPv6 ranges available in subnet, return empty slice
+		return nil // No IPv6 ranges available in subnet, return nil
 	}
-	return []linodego.InstanceConfigInterfaceCreateOptionsIPv6Range{
-		{
-			Range: ptr.To(defaultNodeIPv6CIDRRange),
-		},
+
+	intfOpts := &linodego.InstanceConfigInterfaceCreateOptionsIPv6{}
+	if machineScope.LinodeMachine.Spec.IsPublicIPv6 != nil {
+		// Set the public IPv6 flag based on the IsPublicIPv6 specification.
+		intfOpts.IsPublic = machineScope.LinodeMachine.Spec.IsPublicIPv6
 	}
+
+	if machineScope.LinodeMachine.Spec.EnableSLAAC != nil && *machineScope.LinodeMachine.Spec.EnableSLAAC {
+		intfOpts.SLAAC = []linodego.InstanceConfigInterfaceCreateOptionsIPv6SLAAC{
+			{
+				Range: defaultNodeIPv6CIDRRange,
+			},
+		}
+	} else {
+		intfOpts.Ranges = []linodego.InstanceConfigInterfaceCreateOptionsIPv6Range{
+			{
+				Range: ptr.To(defaultNodeIPv6CIDRRange),
+			},
+		}
+	}
+
+	return intfOpts
 }
 
 func linodeMachineSpecToInstanceCreateConfig(machineSpec infrav1alpha2.LinodeMachineSpec, machineTags []string) *linodego.InstanceCreateOptions {

internal/controller/linodemachine_controller_helpers.go

@@ -409,7 +409,9 @@ func validateInterfaceExpectations(
 	if expectInterface {
 		require.NotNil(t, iface)
 		require.Equal(t, linodego.InterfacePurposeVPC, iface.Purpose)
-		if iface.IPv6 != nil {
+		if iface.IPv6 != nil && iface.IPv6.SLAAC != nil {
+			require.Equal(t, defaultNodeIPv6CIDRRange, iface.IPv6.SLAAC[0].Range)
+		} else if iface.IPv6 != nil && iface.IPv6.Ranges != nil {
 			require.Equal(t, defaultNodeIPv6CIDRRange, *iface.IPv6.Ranges[0].Range)
 		}
 		require.True(t, iface.Primary)
@@ -485,6 +487,35 @@ func TestGetVPCInterfaceConfigFromDirectID(t *testing.T) {
 			expectInterface: true,
 			expectSubnetID:  789, // Matching subnet ID
 		},
+		{
+			name:       "Success - Valid VPC with subnets and ipv6 ranges, specific subnet name",
+			vpcID:      123,
+			interfaces: []linodego.InstanceConfigInterfaceCreateOptions{},
+			subnetName: "subnet-2",
+			mockSetup: func(mockLinodeClient *mock.MockLinodeClient) {
+				mockLinodeClient.EXPECT().GetVPC(gomock.Any(), 123).Return(&linodego.VPC{
+					ID: 123,
+					Subnets: []linodego.VPCSubnet{
+						{
+							ID:    456,
+							Label: "subnet-1",
+						},
+						{
+							ID:    789,
+							Label: "subnet-2",
+							IPv6: []linodego.VPCIPv6Range{
+								{
+									Range: "2001:0db8::/56",
+								},
+							},
+						},
+					},
+				}, nil)
+			},
+			expectErr:       false,
+			expectInterface: true,
+			expectSubnetID:  789, // Matching subnet ID
+		},
 		{
 			name:  "Success - VPC interface already exists",
 			vpcID: 123,
@@ -1176,7 +1207,10 @@ func TestGetVPCInterfaceConfig(t *testing.T) {
 					ObjectMeta: metav1.ObjectMeta{
 						Namespace: "default",
 					},
-					Spec: infrav1alpha2.LinodeMachineSpec{},
+					Spec: infrav1alpha2.LinodeMachineSpec{
+						EnableSLAAC:  ptr.To(true),
+						IsPublicIPv6: ptr.To(true),
+					},
 				},
 				LinodeCluster: &infrav1alpha2.LinodeCluster{
 					Spec: infrav1alpha2.LinodeClusterSpec{