[feat] : add ipv6 ipam to CCM (#369)

* initial implementation of ipv6 ipam

* fix linting errors

* add tests for cloud_allocator

* fix review comments

* use ipv6 range allocated to node to calculate /112 for node ipam

* use providerid to get linode id

* address review comments

* add flag to enable/disable ipv6 allocation logic

* update linodego to upstream branch which contains ipv6 support

* fix lint error

* address review comments

* use slaac ranges as well in evaluation

* make sure disabling ipv6 for nodeipam works

Author: rahulait

Makefile

@@ -80,7 +80,7 @@ fmt:
 .PHONY: test
 # we say code is not worth testing unless it's formatted
 test: fmt codegen
-	go test -v -coverpkg=./sentry,./cloud/linode/client,./cloud/linode/firewall,./cloud/linode -coverprofile ./coverage.out -cover ./sentry/... ./cloud/... $(TEST_ARGS)
+	go test -v -coverpkg=./sentry,./cloud/linode/client,./cloud/linode/firewall,./cloud/linode,./cloud/nodeipam,./cloud/nodeipam/ipam -coverprofile ./coverage.out -cover ./sentry/... ./cloud/... $(TEST_ARGS)
 
 .PHONY: build-linux
 build-linux: codegen

cloud/linode/client/client.go

@@ -26,6 +26,7 @@ type Client interface {
 	GetInstance(context.Context, int) (*linodego.Instance, error)
 	ListInstances(context.Context, *linodego.ListOptions) ([]linodego.Instance, error)
 	CreateInstance(ctx context.Context, opts linodego.InstanceCreateOptions) (*linodego.Instance, error)
+	ListInstanceConfigs(ctx context.Context, linodeID int, opts *linodego.ListOptions) ([]linodego.InstanceConfig, error)
 
 	GetInstanceIPAddresses(context.Context, int) (*linodego.InstanceIPAddressResponse, error)
 	AddInstanceIPAddress(ctx context.Context, linodeID int, public bool) (*linodego.InstanceIP, error)

cloud/linode/client/client_with_metrics.go

@@ -56,6 +56,7 @@ var Options struct {
 	GlobalStopChannel                 chan<- struct{}
 	EnableIPv6ForLoadBalancers        bool
 	AllocateNodeCIDRs                 bool
+	DisableIPv6NodeCIDRAllocation     bool
 	ClusterCIDRIPv4                   string
 	NodeCIDRMaskSizeIPv4              int
 	NodeCIDRMaskSizeIPv6              int

cloud/linode/client/mocks/mock_client.go

@@ -20,6 +20,7 @@ func TestNewCloudRouteControllerDisabled(t *testing.T) {
 	t.Setenv("LINODE_API_TOKEN", "dummyapitoken")
 	t.Setenv("LINODE_REGION", "us-east")
 	t.Setenv("LINODE_REQUEST_TIMEOUT_SECONDS", "10")
+	t.Setenv("LINODE_URL", "https://api.linode.com/v4")
 	Options.NodeBalancerPrefix = "ccm"
 
 	t.Run("should not fail if vpc is empty and routecontroller is disabled", func(t *testing.T) {
@@ -45,6 +46,7 @@ func TestNewCloud(t *testing.T) {
 	t.Setenv("LINODE_REGION", "us-east")
 	t.Setenv("LINODE_REQUEST_TIMEOUT_SECONDS", "10")
 	t.Setenv("LINODE_ROUTES_CACHE_TTL_SECONDS", "60")
+	t.Setenv("LINODE_URL", "https://api.linode.com/v4")
 	Options.LinodeGoDebug = true
 	Options.NodeBalancerPrefix = "ccm"
 

cloud/linode/cloud.go

@@ -27,24 +27,24 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	v1 "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
-	cloudprovider "k8s.io/cloud-provider"
-	nodeipamcontroller "k8s.io/kubernetes/pkg/controller/nodeipam"
-	"k8s.io/kubernetes/pkg/controller/nodeipam/ipam"
 	netutils "k8s.io/utils/net"
+
+	nodeipamcontroller "github.com/linode/linode-cloud-controller-manager/cloud/nodeipam"
+	"github.com/linode/linode-cloud-controller-manager/cloud/nodeipam/ipam"
 )
 
 const (
-	maxAllowedNodeCIDRs = 2
+	maxAllowedNodeCIDRsIPv4 = 1
 )
 
 var (
 	// defaultNodeMaskCIDRIPv4 is default mask size for IPv4 node cidr
 	defaultNodeMaskCIDRIPv4 = 24
 	// defaultNodeMaskCIDRIPv6 is default mask size for IPv6 node cidr
-	defaultNodeMaskCIDRIPv6 = 64
+	defaultNodeMaskCIDRIPv6 = 112
 )
 
-func startNodeIpamController(stopCh <-chan struct{}, cloud cloudprovider.Interface, nodeInformer v1.NodeInformer, kubeclient kubernetes.Interface) error {
+func startNodeIpamController(stopCh <-chan struct{}, cloud *linodeCloud, nodeInformer v1.NodeInformer, kubeclient kubernetes.Interface) error {
 	var serviceCIDR *net.IPNet
 	var secondaryServiceCIDR *net.IPNet
 
@@ -54,64 +54,39 @@ func startNodeIpamController(stopCh <-chan struct{}, cloud cloudprovider.Interfa
 	}
 
 	// failure: bad cidrs in config
-	clusterCIDRs, dualStack, err := processCIDRs(Options.ClusterCIDRIPv4)
+	clusterCIDRs, err := processCIDRs(Options.ClusterCIDRIPv4)
 	if err != nil {
 		return fmt.Errorf("processCIDRs failed: %w", err)
 	}
 
-	// failure: more than one cidr but they are not configured as dual stack
-	if len(clusterCIDRs) > 1 && !dualStack {
-		return fmt.Errorf("len of ClusterCIDRs==%v and they are not configured as dual stack (at least one from each IPFamily", len(clusterCIDRs))
-	}
-
-	// failure: more than cidrs is not allowed even with dual stack
-	if len(clusterCIDRs) > maxAllowedNodeCIDRs {
-		return fmt.Errorf("len of clusters is:%v > more than max allowed of %d", len(clusterCIDRs), maxAllowedNodeCIDRs)
-	}
-
-	/* TODO: uncomment and fix if we want to support service cidr overlap with nodecidr
-	// service cidr processing
-	if len(strings.TrimSpace(nodeIPAMConfig.ServiceCIDR)) != 0 {
-		_, serviceCIDR, err = netutils.ParseCIDRSloppy(nodeIPAMConfig.ServiceCIDR)
-		if err != nil {
-			klog.ErrorS(err, "Unsuccessful parsing of service CIDR", "CIDR", nodeIPAMConfig.ServiceCIDR)
-		}
+	if len(clusterCIDRs) == 0 {
+		return fmt.Errorf("no clusterCIDR specified. Must specify --cluster-cidr if --allocate-node-cidrs is set")
 	}
 
-	if len(strings.TrimSpace(nodeIPAMConfig.SecondaryServiceCIDR)) != 0 {
-		_, secondaryServiceCIDR, err = netutils.ParseCIDRSloppy(nodeIPAMConfig.SecondaryServiceCIDR)
-		if err != nil {
-			klog.ErrorS(err, "Unsuccessful parsing of service CIDR", "CIDR", nodeIPAMConfig.SecondaryServiceCIDR)
-		}
+	if len(clusterCIDRs) > maxAllowedNodeCIDRsIPv4 {
+		return fmt.Errorf("too many clusterCIDRs specified for ipv4, max allowed is %d", maxAllowedNodeCIDRsIPv4)
 	}
 
-	// the following checks are triggered if both serviceCIDR and secondaryServiceCIDR are provided
-	if serviceCIDR != nil && secondaryServiceCIDR != nil {
-		// should be dual stack (from different IPFamilies)
-		dualstackServiceCIDR, err := netutils.IsDualStackCIDRs([]*net.IPNet{serviceCIDR, secondaryServiceCIDR})
-		if err != nil {
-			return nil, false, fmt.Errorf("failed to perform dualstack check on serviceCIDR and secondaryServiceCIDR error:%v", err)
-		}
-		if !dualstackServiceCIDR {
-			return nil, false, fmt.Errorf("serviceCIDR and secondaryServiceCIDR are not dualstack (from different IPfamiles)")
-		}
+	if clusterCIDRs[0].IP.To4() == nil {
+		return fmt.Errorf("clusterCIDR %s is not ipv4", clusterCIDRs[0].String())
 	}
-	*/
 
-	nodeCIDRMaskSizes := setNodeCIDRMaskSizes(clusterCIDRs)
+	nodeCIDRMaskSizes := setNodeCIDRMaskSizes()
 
 	ctx := wait.ContextForChannel(stopCh)
 
 	nodeIpamController, err := nodeipamcontroller.NewNodeIpamController(
 		ctx,
 		nodeInformer,
 		cloud,
+		cloud.client,
 		kubeclient,
 		clusterCIDRs,
 		serviceCIDR,
 		secondaryServiceCIDR,
 		nodeCIDRMaskSizes,
-		ipam.RangeAllocatorType,
+		ipam.CloudAllocatorType,
+		Options.DisableIPv6NodeCIDRAllocation,
 	)
 	if err != nil {
 		return err
@@ -121,47 +96,25 @@ func startNodeIpamController(stopCh <-chan struct{}, cloud cloudprovider.Interfa
 	return nil
 }
 
-// processCIDRs is a helper function that works on a comma separated cidrs and returns
-// a list of typed cidrs
-// a flag if cidrs represents a dual stack
-// error if failed to parse any of the cidrs
-func processCIDRs(cidrsList string) ([]*net.IPNet, bool, error) {
+// processCIDR is a helper function that works on cidr and returns a list of typed cidrs
+// error if failed to parse the cidr
+func processCIDRs(cidrsList string) ([]*net.IPNet, error) {
 	cidrsSplit := strings.Split(strings.TrimSpace(cidrsList), ",")
 
 	cidrs, err := netutils.ParseCIDRs(cidrsSplit)
 	if err != nil {
-		return nil, false, err
+		return nil, err
 	}
 
-	// if cidrs has an error then the previous call will fail
-	// safe to ignore error checking on next call
-	dualstack, err := netutils.IsDualStackCIDRs(cidrs)
-	if err != nil {
-		return nil, false, fmt.Errorf("failed to perform dualstack check on cidrs: %w", err)
-	}
-
-	return cidrs, dualstack, nil
+	return cidrs, nil
 }
 
-func setNodeCIDRMaskSizes(clusterCIDRs []*net.IPNet) []int {
-	sortedSizes := func(maskSizeIPv4, maskSizeIPv6 int) []int {
-		nodeMaskCIDRs := make([]int, len(clusterCIDRs))
-
-		for idx, clusterCIDR := range clusterCIDRs {
-			if netutils.IsIPv6CIDR(clusterCIDR) {
-				nodeMaskCIDRs[idx] = maskSizeIPv6
-			} else {
-				nodeMaskCIDRs[idx] = maskSizeIPv4
-			}
-		}
-		return nodeMaskCIDRs
-	}
-
+func setNodeCIDRMaskSizes() []int {
 	if Options.NodeCIDRMaskSizeIPv4 != 0 {
 		defaultNodeMaskCIDRIPv4 = Options.NodeCIDRMaskSizeIPv4
 	}
 	if Options.NodeCIDRMaskSizeIPv6 != 0 {
 		defaultNodeMaskCIDRIPv6 = Options.NodeCIDRMaskSizeIPv6
 	}
-	return sortedSizes(defaultNodeMaskCIDRIPv4, defaultNodeMaskCIDRIPv6)
+	return []int{defaultNodeMaskCIDRIPv4, defaultNodeMaskCIDRIPv6}
 }