enable adding ipv6 slaac as annotation

Author: Rahul Sharma

cloud/annotations/annotations.go

@@ -38,8 +38,9 @@ const (
 	// addresses for its LoadBalancer ingress. When set to "true", both addresses will be included in the status.
 	AnnLinodeEnableIPv6Ingress = "service.beta.kubernetes.io/linode-loadbalancer-enable-ipv6-ingress"
 
-	AnnLinodeNodePrivateIP = "node.k8s.linode.com/private-ip"
-	AnnLinodeHostUUID      = "node.k8s.linode.com/host-uuid"
+	AnnLinodeNodePrivateIP       = "node.k8s.linode.com/private-ip"
+	AnnLinodeHostUUID            = "node.k8s.linode.com/host-uuid"
+	AnnLinodeNodePublicIPv6SLAAC = "node.k8s.linode.com/public-ipv6-slaac"
 
 	AnnLinodeNodeIPSharingUpdated = "node.k8s.linode.com/ip-sharing-updated"
 	AnnExcludeNodeFromNb          = "node.k8s.linode.com/exclude-from-nb"

cloud/linode/cloud.go

@@ -61,6 +61,7 @@ var Options struct {
 	NodeCIDRMaskSizeIPv4              int
 	NodeCIDRMaskSizeIPv6              int
 	NodeBalancerPrefix                string
+	AddPublicIPv6SLAACAnnotation      bool
 }
 
 type linodeCloud struct {

cloud/linode/node_controller.go

@@ -270,10 +270,14 @@ func (s *nodeController) handleNode(ctx context.Context, node *v1.Node) error {
 	lastUpdate := s.LastMetadataUpdate(node.Name)
 
 	uuid, foundLabel := node.Labels[annotations.AnnLinodeHostUUID]
-	configuredPrivateIP, foundAnnotation := node.Annotations[annotations.AnnLinodeNodePrivateIP]
+	configuredPrivateIP, foundPrivateIPAnnotation := node.Annotations[annotations.AnnLinodeNodePrivateIP]
+	configuredPublicIPv6SLAAC, foundIPv6Annotation := "", true
+	if Options.AddPublicIPv6SLAACAnnotation {
+		configuredPublicIPv6SLAAC, foundIPv6Annotation = node.Annotations[annotations.AnnLinodeNodePublicIPv6SLAAC]
+	}
 
 	metaAge := time.Since(lastUpdate)
-	if foundLabel && foundAnnotation && metaAge < s.ttl {
+	if foundLabel && foundPrivateIPAnnotation && foundIPv6Annotation && metaAge < s.ttl {
 		klog.V(3).InfoS("Skipping refresh, ttl not reached",
 			"node", klog.KObj(node),
 			"ttl", s.ttl,
@@ -298,7 +302,12 @@ func (s *nodeController) handleNode(ctx context.Context, node *v1.Node) error {
 		}
 	}
 
-	if uuid == linode.HostUUID && node.Spec.ProviderID != "" && configuredPrivateIP == expectedPrivateIP {
+	expectedPublicIPv6SLAAC := ""
+	if Options.AddPublicIPv6SLAACAnnotation {
+		expectedPublicIPv6SLAAC = linode.IPv6
+	}
+
+	if uuid == linode.HostUUID && node.Spec.ProviderID != "" && configuredPrivateIP == expectedPrivateIP && configuredPublicIPv6SLAAC == expectedPublicIPv6SLAAC {
 		s.SetLastMetadataUpdate(node.Name)
 		return nil
 	}
@@ -325,6 +334,9 @@ func (s *nodeController) handleNode(ctx context.Context, node *v1.Node) error {
 		if nodeResult.Annotations[annotations.AnnLinodeNodePrivateIP] != expectedPrivateIP && expectedPrivateIP != "" {
 			nodeResult.Annotations[annotations.AnnLinodeNodePrivateIP] = expectedPrivateIP
 		}
+		if nodeResult.Annotations[annotations.AnnLinodeNodePublicIPv6SLAAC] != expectedPublicIPv6SLAAC && expectedPublicIPv6SLAAC != "" {
+			nodeResult.Annotations[annotations.AnnLinodeNodePublicIPv6SLAAC] = expectedPublicIPv6SLAAC
+		}
 		updatedNode, err = s.kubeclient.CoreV1().Nodes().Update(ctx, nodeResult, metav1.UpdateOptions{})
 		return err
 	}); err != nil {

cloud/linode/node_controller_test.go

@@ -197,6 +197,80 @@ func TestNodeController_processNext(t *testing.T) {
 }
 
 func TestNodeController_handleNode(t *testing.T) {
+	// Mock dependencies
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	client := mocks.NewMockClient(ctrl)
+	kubeClient := fake.NewSimpleClientset()
+	optionsIPv6SLAAC := Options.AddPublicIPv6SLAACAnnotation
+	defer func() {
+		Options.AddPublicIPv6SLAACAnnotation = optionsIPv6SLAAC
+	}()
+	Options.AddPublicIPv6SLAACAnnotation = true
+	node := &v1.Node{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-node",
+			Labels:      map[string]string{},
+			Annotations: map[string]string{},
+		},
+		Spec: v1.NodeSpec{ProviderID: "linode://123"},
+	}
+	_, err := kubeClient.CoreV1().Nodes().Create(t.Context(), node, metav1.CreateOptions{})
+	require.NoError(t, err, "expected no error during node creation")
+
+	instCache := newInstances(client)
+
+	t.Setenv("LINODE_METADATA_TTL", "30")
+	nodeCtrl := newNodeController(kubeClient, client, nil, instCache)
+	assert.Equal(t, 30*time.Second, nodeCtrl.ttl, "expected ttl to be 30 seconds")
+
+	t.Setenv("K8S_NODECACHE_TTL", "60")
+	currK8sNodeCache := newK8sNodeCache()
+	assert.Equal(t, 60*time.Second, currK8sNodeCache.ttl, "expected ttl to be 60 seconds")
+
+	// Test: Successful metadata update
+	publicIP := net.ParseIP("172.234.31.123")
+	privateIP := net.ParseIP("192.168.159.135")
+	publicIPv6SLAAC := "2001:db::f03c:91ff:fe2b:1a2b"
+	client.EXPECT().ListInstances(gomock.Any(), nil).Times(1).Return([]linodego.Instance{
+		{ID: 123, Label: "test-node", IPv4: []*net.IP{&publicIP, &privateIP}, IPv6: publicIPv6SLAAC, HostUUID: "123"},
+	}, nil)
+	err = nodeCtrl.handleNode(t.Context(), node)
+	require.NoError(t, err, "expected no error during handleNode")
+
+	// Check metadataLastUpdate
+	lastUpdate := nodeCtrl.LastMetadataUpdate("test-node")
+	if time.Since(lastUpdate) > 5*time.Second {
+		t.Errorf("metadataLastUpdate was not updated correctly")
+	}
+
+	// Annotations set, no update needed as ttl not reached
+	node.Labels[annotations.AnnLinodeHostUUID] = "123"
+	node.Annotations[annotations.AnnLinodeNodePrivateIP] = privateIP.String()
+	node.Annotations[annotations.AnnLinodeNodePublicIPv6SLAAC] = publicIPv6SLAAC
+	err = nodeCtrl.handleNode(t.Context(), node)
+	require.NoError(t, err, "expected no error during handleNode")
+
+	// Lookup failure for linode instance
+	client = mocks.NewMockClient(ctrl)
+	nodeCtrl.instances = newInstances(client)
+	nodeCtrl.metadataLastUpdate["test-node"] = time.Now().Add(-2 * nodeCtrl.ttl)
+	client.EXPECT().ListInstances(gomock.Any(), nil).Times(1).Return([]linodego.Instance{}, errors.New("lookup failed"))
+	err = nodeCtrl.handleNode(t.Context(), node)
+	require.Error(t, err, "expected error during handleNode, got nil")
+
+	// All fields already set
+	client = mocks.NewMockClient(ctrl)
+	nodeCtrl.instances = newInstances(client)
+	nodeCtrl.metadataLastUpdate["test-node"] = time.Now().Add(-2 * nodeCtrl.ttl)
+	client.EXPECT().ListInstances(gomock.Any(), nil).Times(1).Return([]linodego.Instance{
+		{ID: 123, Label: "test-node", IPv4: []*net.IP{&publicIP, &privateIP}, IPv6: publicIPv6SLAAC, HostUUID: "123"},
+	}, nil)
+	err = nodeCtrl.handleNode(t.Context(), node)
+	assert.NoError(t, err, "expected no error during handleNode")
+}
+
+func TestNodeController_handleNodeWithoutSLAAC(t *testing.T) {
 	// Mock dependencies
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()

deploy/chart/templates/daemonset.yaml

@@ -178,6 +178,9 @@ spec:
             {{- if .Values.nodeBalancerPrefix }}
             - --nodebalancer-prefix={{ .Values.nodeBalancerPrefix }}
             {{- end }}
+            {{- with .Values.addPublicIPv6SLAACAnnotation }}
+            - --add-public-ipv6-slaac-annotation={{ . }}
+            {{- end }}
             {{- if .Values.extraArgs }}
             {{- toYaml .Values.extraArgs | nindent 12 }}
             {{- end }}

deploy/chart/values.yaml

@@ -124,6 +124,10 @@ tolerations:
 # nodeBalancerPrefix is used to add prefix for nodeBalancer name. Default is "ccm"
 # nodeBalancerPrefix: ""
 
+# addPublicIPv6SLAACAnnotation is used to add public IPv6 SLAAC annotation to nodes.
+# When set to true, the node's public IPv6 SLAAC address will be added as an annotation to the node.
+# addPublicIPv6SLAACAnnotation: false
+
 # This section adds the ability to pass environment variables to adjust CCM defaults
 # https://github.com/linode/linode-cloud-controller-manager/blob/master/cloud/linode/loadbalancers.go
 # LINODE_HOSTNAME_ONLY_INGRESS type bool is supported

docs/configuration/environment.md

@@ -56,7 +56,8 @@ The CCM supports the following flags:
 | `--node-cidr-mask-size-ipv4` | Int | `24` | ipv4 cidr mask size for pod cidrs allocated to nodes |
 | `--node-cidr-mask-size-ipv6` | Int | `64` | ipv6 cidr mask size for pod cidrs allocated to nodes |
 | `--nodebalancer-prefix` | String | `ccm` | Name prefix for NoadBalancers. |
-| `--disable-ipv6-node-cidr-allocation` | `false` | disables allocating IPv6 CIDR ranges to nodes when using CCM for node IPAM (set to `true` if IPv6 ranges are not configured on Linode interfaces) |
+| `--disable-ipv6-node-cidr-allocation` | Boolean | `false` | disables allocating IPv6 CIDR ranges to nodes when using CCM for node IPAM (set to `true` if IPv6 ranges are not configured on Linode interfaces) |
+| `--add-public-ipv6-slaac-annotation` | Boolean | `false` | adds public IPv6 SLAAC annotation to nodes (when enabled, the node's public IPv6 SLAAC address will be added as an annotation to the node) |
 
 ## Configuration Methods
 

main.go

@@ -101,6 +101,7 @@ func main() {
 	command.Flags().BoolVar(&linode.Options.DisableNodeBalancerVPCBackends, "disable-nodebalancer-vpc-backends", false, "disables nodebalancer backends in VPCs (when enabled, nodebalancers will only have private IPs as backends for backward compatibility)")
 	command.Flags().StringVar(&linode.Options.NodeBalancerPrefix, "nodebalancer-prefix", "ccm", fmt.Sprintf("Name prefix for NoadBalancers. (max. %v char.)", linode.NodeBalancerPrefixCharLimit))
 	command.Flags().BoolVar(&linode.Options.DisableIPv6NodeCIDRAllocation, "disable-ipv6-node-cidr-allocation", false, "disables IPv6 node cidr allocation by ipam controller (when enabled, IPv6 cidr ranges will be allocated to nodes)")
+	command.Flags().BoolVar(&linode.Options.AddPublicIPv6SLAACAnnotation, "add-public-ipv6-slaac-annotation", false, "adds public IPv6 SLAAC annotation to nodes (when enabled, the node's public IPv6 SLAAC address will be added as an annotation to the node)")
 
 	// Set static flags
 	command.Flags().VisitAll(func(fl *pflag.Flag) {