Fix dual-stack for self-managed nodes and NPN (#1048)

Author: robo-cap

module-workers.tf

@@ -78,6 +78,7 @@ module "workers" {
   worker_nsg_ids                 = concat(var.worker_nsg_ids, [try(module.network.worker_nsg_id, null)])
   worker_subnet_id               = try(module.network.worker_subnet_id, "") # safe destroy; validated in submodule
   preemptible_config             = var.worker_preemptible_config
+  enable_ipv6                    = var.enable_ipv6
 
   # Tagging
   tag_namespace    = var.tag_namespace

modules/workers/instance.tf

@@ -61,6 +61,7 @@ resource "oci_core_instance" "workers" {
 
   create_vnic_details {
     assign_private_dns_record = var.assign_dns
+    assign_ipv6ip             = each.value.assign_ipv6ip
     assign_public_ip          = each.value.assign_public_ip
     nsg_ids                   = each.value.nsg_ids
     subnet_id                 = each.value.subnet_id
@@ -86,12 +87,17 @@ resource "oci_core_instance" "workers" {
     },
 
     # Add labels required for NPN CNI.
-    var.cni_type == "npn" ? {
-      oke-native-pod-networking = true
-      oke-max-pods              = var.max_pods_per_node
-      pod-subnets               = coalesce(var.pod_subnet_id, var.worker_subnet_id, "none")
-      pod-nsgids                = join(",", each.value.pod_nsg_ids)
-    } : {},
+    var.cni_type == "npn" ? merge(
+      {
+        oke-native-pod-networking = true
+        oke-max-pods              = var.max_pods_per_node
+        pod-subnets               = coalesce(var.pod_subnet_id, var.worker_subnet_id, "none")
+        pod-nsgids                = join(",", each.value.pod_nsg_ids)
+      },
+      var.enable_ipv6 ? 
+      { 
+        ip-families               = "IPv4,IPv6" 
+      }: {} ) : {},
 
     # Only provide cluster DNS service address if set explicitly; determined automatically in practice.
     coalesce(var.cluster_dns, "none") == "none" ? {} : { kubedns_svc_ip = var.cluster_dns },

modules/workers/instanceconfig.tf

@@ -43,6 +43,7 @@ resource "oci_core_instance_configuration" "workers" {
 
       create_vnic_details {
         assign_private_dns_record = var.assign_dns
+        assign_ipv6ip             = each.value.assign_ipv6ip
         assign_public_ip          = each.value.assign_public_ip
         nsg_ids                   = each.value.nsg_ids
         subnet_id                 = each.value.subnet_id
@@ -64,12 +65,17 @@ resource "oci_core_instance_configuration" "workers" {
         },
 
         # Add labels required for NPN CNI.
-        var.cni_type == "npn" ? {
-          oke-native-pod-networking = true
-          oke-max-pods              = var.max_pods_per_node
-          pod-subnets               = coalesce(var.pod_subnet_id, var.worker_subnet_id, "none")
-          pod-nsgids                = join(",", each.value.pod_nsg_ids)
-        } : {},
+        var.cni_type == "npn" ? merge(
+          {
+            oke-native-pod-networking = true
+            oke-max-pods              = var.max_pods_per_node
+            pod-subnets               = coalesce(var.pod_subnet_id, var.worker_subnet_id, "none")
+            pod-nsgids                = join(",", each.value.pod_nsg_ids)
+          },
+          var.enable_ipv6 ? 
+          { 
+            ip-families               = "IPv4,IPv6" 
+          }: {} ) : {},
 
         # Only provide cluster DNS service address if set explicitly; determined automatically in practice.
         coalesce(var.cluster_dns, "none") == "none" ? {} : { kubedns_svc_ip = var.cluster_dns },
@@ -154,6 +160,7 @@ resource "oci_core_instance_configuration" "workers" {
 
         create_vnic_details {
           assign_private_dns_record = lookup(vnic.value, "assign_private_dns_record", null)
+          assign_ipv6ip             = lookup(vnic.value, "assign_ipv6ip", null)
           assign_public_ip          = lookup(vnic.value, "assign_public_ip", null)
           display_name              = vnic.key
           defined_tags              = lookup(vnic.value, "defined_tags", null)

modules/workers/locals.tf

@@ -24,6 +24,7 @@ locals {
     allow_autoscaler               = false
     legacy_imds_endpoints_disabled = var.legacy_imds_endpoints_disabled
     assign_public_ip               = var.assign_public_ip
+    assign_ipv6ip                  = var.enable_ipv6 ? true : false
     autoscale                      = false
     block_volume_type              = var.block_volume_type
     boot_volume_size               = local.boot_volume_size

modules/workers/variables.tf

@@ -100,6 +100,12 @@ variable "cni_type" {
   }
 }
 
+variable "enable_ipv6" {
+  default     = false
+  description = "Whether to create a dual-stack (IPv4/IPv6) cluster."
+  type        = bool
+}
+
 variable "pod_subnet_id" { type = string }
 variable "worker_subnet_id" { type = string }
 
@@ -340,3 +346,4 @@ variable "compute_clusters" {
   description = "Whether to create compute clusters shared by nodes across multiple worker pools enabled for 'compute-cluster'."
   type        = map(any)
 }
+

variables-workers.tf

@@ -71,7 +71,7 @@ variable "worker_compute_clusters" {
 
 variable "worker_is_public" {
   default     = false
-  description = "Whether to provision workers with public IPs allocated by default when unspecified on a pool."
+  description = "Whether to provision workers with public IPs allocated by default when unspecified on a pool. It should be true when creating dual-stack clusters."
   type        = bool
 }