add flag to enable/disable ipv6 allocation logic

Author: Rahul Sharma

cloud/linode/cloud.go

@@ -55,6 +55,7 @@ var Options struct {
 	GlobalStopChannel                 chan<- struct{}
 	EnableIPv6ForLoadBalancers        bool
 	AllocateNodeCIDRs                 bool
+	DisableIPv6NodeCIDRAllocation     bool
 	ClusterCIDRIPv4                   string
 	NodeCIDRMaskSizeIPv4              int
 	NodeCIDRMaskSizeIPv6              int

cloud/linode/nodeipamcontroller.go

@@ -86,6 +86,7 @@ func startNodeIpamController(stopCh <-chan struct{}, cloud *linodeCloud, nodeInf
 		secondaryServiceCIDR,
 		nodeCIDRMaskSizes,
 		ipam.CloudAllocatorType,
+		Options.DisableIPv6NodeCIDRAllocation,
 	)
 	if err != nil {
 		return err

cloud/nodeipam/ipam/cidr_allocator.go

@@ -92,7 +92,8 @@ type CIDRAllocatorParams struct {
 	// SecondaryServiceCIDR is secondary service cidr for cluster.
 	SecondaryServiceCIDR *net.IPNet
 	// NodeCIDRMaskSizes is list of node cidr mask sizes.
-	NodeCIDRMaskSizes []int
+	NodeCIDRMaskSizes             []int
+	DisableIPv6NodeCIDRAllocation bool
 }
 
 // New creates a new CIDR range allocator.

cloud/nodeipam/ipam/cloud_allocator.go

@@ -68,6 +68,8 @@ type cloudAllocator struct {
 
 	// nodeCIDRMaskSizeIPv6 is the mask size for the IPv6 CIDR assigned to nodes.
 	nodeCIDRMaskSizeIPv6 int
+	// disableIPv6NodeCIDRAllocation is true if we should not allocate IPv6 CIDRs for nodes.
+	disableIPv6NodeCIDRAllocation bool
 }
 
 const providerIDPrefix = "linode://"
@@ -96,16 +98,17 @@ func NewLinodeCIDRAllocator(ctx context.Context, linodeClient linode.Client, cli
 	}
 
 	ca := &cloudAllocator{
-		client:               client,
-		linodeClient:         linodeClient,
-		clusterCIDR:          allocatorParams.ClusterCIDRs[0],
-		cidrSet:              cidrSet,
-		nodeLister:           nodeInformer.Lister(),
-		nodesSynced:          nodeInformer.Informer().HasSynced,
-		broadcaster:          eventBroadcaster,
-		recorder:             recorder,
-		queue:                workqueue.NewNamedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[any](), "cidrallocator_node"),
-		nodeCIDRMaskSizeIPv6: allocatorParams.NodeCIDRMaskSizes[1],
+		client:                        client,
+		linodeClient:                  linodeClient,
+		clusterCIDR:                   allocatorParams.ClusterCIDRs[0],
+		cidrSet:                       cidrSet,
+		nodeLister:                    nodeInformer.Lister(),
+		nodesSynced:                   nodeInformer.Informer().HasSynced,
+		broadcaster:                   eventBroadcaster,
+		recorder:                      recorder,
+		queue:                         workqueue.NewNamedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[any](), "cidrallocator_node"),
+		nodeCIDRMaskSizeIPv6:          allocatorParams.NodeCIDRMaskSizes[1],
+		disableIPv6NodeCIDRAllocation: allocatorParams.DisableIPv6NodeCIDRAllocation,
 	}
 
 	if allocatorParams.ServiceCIDR != nil {
@@ -393,13 +396,26 @@ func (c *cloudAllocator) AllocateOrOccupyCIDR(ctx context.Context, node *v1.Node
 		return fmt.Errorf("failed to allocate cidr from cluster cidr: %w", err)
 	}
 	allocatedCIDRs[0] = podCIDR
+
+	// If IPv6 CIDR allocation is disabled, log and return early.
+	if c.disableIPv6NodeCIDRAllocation {
+		logger.V(4).Info("IPv6 CIDR allocation disabled; using only IPv4", "node", klog.KObj(node))
+		return c.enqueueCIDRUpdate(ctx, node.Name, allocatedCIDRs)
+	}
+	// Allocate IPv6 CIDR for the node.
+	logger.V(4).Info("Allocating IPv6 CIDR", "node", klog.KObj(node))
 	if allocatedCIDRs[1], err = c.allocateIPv6CIDR(ctx, node); err != nil {
 		return fmt.Errorf("failed to assign IPv6 CIDR: %w", err)
 	}
 
-	// queue the assignment
-	logger.V(4).Info("Putting node with CIDR into the work queue", "node", klog.KObj(node), "CIDR", allocatedCIDRs)
-	return c.updateCIDRsAllocation(ctx, node.Name, allocatedCIDRs)
+	return c.enqueueCIDRUpdate(ctx, node.Name, allocatedCIDRs)
+}
+
+// enqueueCIDRUpdate adds the node name and CIDRs to the work queue for processing.
+func (c *cloudAllocator) enqueueCIDRUpdate(ctx context.Context, nodeName string, cidrs []*net.IPNet) error {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Putting node with CIDR into the work queue", "node", nodeName, "CIDR", cidrs)
+	return c.updateCIDRsAllocation(ctx, nodeName, cidrs)
 }
 
 // ReleaseCIDR marks node.podCIDRs[...] as unused in our tracked cidrSets

cloud/nodeipam/node_ipam_controller.go

@@ -51,7 +51,8 @@ type Controller struct {
 	nodeLister         corelisters.NodeLister
 	nodeInformerSynced cache.InformerSynced
 
-	cidrAllocator ipam.CIDRAllocator
+	cidrAllocator                 ipam.CIDRAllocator
+	disableIPv6NodeCIDRAllocation bool
 }
 
 // NewNodeIpamController returns a new node IP Address Management controller to
@@ -70,6 +71,7 @@ func NewNodeIpamController(
 	secondaryServiceCIDR *net.IPNet,
 	nodeCIDRMaskSizes []int,
 	allocatorType ipam.CIDRAllocatorType,
+	disableIPv6NodeCIDRAllocation bool,
 ) (*Controller, error) {
 	if kubeClient == nil {
 		return nil, fmt.Errorf("kubeClient is nil when starting Controller")
@@ -100,10 +102,11 @@ func NewNodeIpamController(
 	var err error
 
 	allocatorParams := ipam.CIDRAllocatorParams{
-		ClusterCIDRs:         clusterCIDRs,
-		ServiceCIDR:          ic.serviceCIDR,
-		SecondaryServiceCIDR: ic.secondaryServiceCIDR,
-		NodeCIDRMaskSizes:    nodeCIDRMaskSizes,
+		ClusterCIDRs:                  clusterCIDRs,
+		ServiceCIDR:                   ic.serviceCIDR,
+		SecondaryServiceCIDR:          ic.secondaryServiceCIDR,
+		NodeCIDRMaskSizes:             nodeCIDRMaskSizes,
+		DisableIPv6NodeCIDRAllocation: disableIPv6NodeCIDRAllocation,
 	}
 
 	ic.cidrAllocator, err = ipam.New(ctx, ic.linodeClient, kubeClient, cloud, nodeInformer, ic.allocatorType, allocatorParams)

deploy/chart/templates/daemonset.yaml

@@ -68,6 +68,9 @@ spec:
             {{- if not $clusterCIDR }}
             {{- fail "clusterCIDR is required if enableNodeIPAM is set" }}
             {{- end }}
+            {{- with .Values.disableIPv6NodeCIDRAllocation }}
+            - --disable-ipv6-node-cidr-allocation={{ . }}
+            {{- end }}
             {{- with .Values.nodeCIDRMaskSizeIPv4 }}
             - --node-cidr-mask-size-ipv4={{ . }}
             {{- end }}

deploy/chart/values.yaml

@@ -86,6 +86,7 @@ tolerations:
 # clusterCIDR: 10.192.0.0/10
 # nodeCIDRMaskSizeIPv4: 24
 # nodeCIDRMaskSizeIPv6: 64
+# disableIPv6NodeCIDRAllocation: false
 
 # vpcs and subnets that node internal IPs will be assigned from (not required if already specified in routeController)
 # vpcName: <name of VPC> [Deprecated: use vpcNames instead]

docs/configuration/environment.md

@@ -53,6 +53,7 @@ The CCM supports the following flags:
 | `--enable-ipv6-for-loadbalancers` | `false` | Set both IPv4 and IPv6 addresses for all LoadBalancer services (when disabled, only IPv4 is used). This can also be configured per-service using the `service.beta.kubernetes.io/linode-loadbalancer-enable-ipv6-ingress` annotation. |
 | `--node-cidr-mask-size-ipv4` | `24` | ipv4 cidr mask size for pod cidrs allocated to nodes |
 | `--node-cidr-mask-size-ipv6` | `64` | ipv6 cidr mask size for pod cidrs allocated to nodes |
+| `--disable-ipv6-node-cidr-allocation` | `false` | disables allocating ipv6 CIDR ranges to nodes when using CCM for node IPAM (set to `true` if ipv6 ranges are not configured on linode interfaces) |
 
 ## Configuration Methods
 

docs/configuration/nodeipam.md

@@ -21,7 +21,7 @@ Note:
 Make sure node IPAM allocation is disabled in kube-controller-manager to avoid both controllers competing to assign CIDRs to nodes. To make sure its disabled, check and make sure kube-controller-manager is not started with `--allocate-node-cidrs` flag.
 
 ## Allocated subnet size
-By default, CCM allocates /24 subnet for ipv4 addresses and /64 for ipv6 addresses to nodes. If one wants different subnet range, it can be configured by using `--node-cidr-mask-size-ipv4` and `--node-cidr-mask-size-ipv6` flags.
+By default, CCM allocates /24 subnet for ipv4 addresses and /112 for ipv6 addresses to nodes. For ipv6 cidr allocation using CCM, linodes should have ipv6 ranges configured on their interfaces. If one wants different subnet range, it can be configured by using `--node-cidr-mask-size-ipv4` and `--node-cidr-mask-size-ipv6` flags.
 
 ```yaml
 spec:
@@ -31,7 +31,10 @@ spec:
         - name: ccm-linode
           args:
             - --allocate-node-cidrs=true
-            - --cluster-cidr=10.192.0.0/10,fd00::/56
+            - --cluster-cidr=10.192.0.0/10
             - --node-cidr-mask-size-ipv4=25
             - --node-cidr-mask-size-ipv6=64
 ```
+
+## Disabling ipv6 ipam allocation
+If one wants to just use ipv4 node ipam allocation for their nodes, they can start CCM with `--disable-ipv6-node-cidr-allocation=true` which disables ipv6 range allocation to nodes.

main.go

@@ -98,6 +98,7 @@ func main() {
 	command.Flags().IntVar(&linode.Options.NodeBalancerBackendIPv4SubnetID, "nodebalancer-backend-ipv4-subnet-id", 0, "ipv4 subnet id to use for NodeBalancer backends")
 	command.Flags().StringVar(&linode.Options.NodeBalancerBackendIPv4SubnetName, "nodebalancer-backend-ipv4-subnet-name", "", "ipv4 subnet name to use for NodeBalancer backends")
 	command.Flags().BoolVar(&linode.Options.DisableNodeBalancerVPCBackends, "disable-nodebalancer-vpc-backends", false, "disables nodebalancer backends in VPCs (when enabled, nodebalancers will only have private IPs as backends for backward compatibility)")
+	command.Flags().BoolVar(&linode.Options.DisableIPv6NodeCIDRAllocation, "disable-ipv6-node-cidr-allocation", false, "disables IPv6 node cidr allocation by ipam controller (when enabled, IPv6 cidr ranges will be allocated to nodes)")
 
 	// Set static flags
 	command.Flags().VisitAll(func(fl *pflag.Flag) {