Added - Support for IPv6 on OKE

Author: XinruXiao-9

examples/container_engine/ipv6/main.tf

@@ -0,0 +1,150 @@
+// Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+// Licensed under the Mozilla Public License v2.0
+
+variable "tenancy_ocid" {}
+variable "region" {
+  default = "us-ashburn-1"
+}
+variable "compartment_ocid" {}
+
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  auth             = "SecurityToken"
+  config_file_profile = "terraform-federation-test"
+  region           = var.region
+}
+
+data "oci_identity_availability_domain" "ad1" {
+  compartment_id = var.tenancy_ocid
+  ad_number      = 1
+}
+
+data "oci_identity_availability_domain" "ad2" {
+  compartment_id = var.tenancy_ocid
+  ad_number      = 2
+}
+
+data "oci_containerengine_cluster_option" "test_cluster_option" {
+  cluster_option_id = "all"
+}
+
+resource "oci_core_vcn" "test_vcn" {
+  cidr_block     = "10.0.0.0/16"
+  compartment_id = var.compartment_ocid
+  display_name   = "tfDualStackVcnForClusters"
+  is_ipv6enabled = true
+  is_oracle_gua_allocation_enabled = true
+}
+
+
+resource "oci_core_internet_gateway" "test_ig" {
+  compartment_id = var.compartment_ocid
+  display_name   = "tfClusterInternetGateway"
+  vcn_id         = oci_core_vcn.test_vcn.id
+}
+resource "oci_core_route_table" "test_route_table" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.test_vcn.id
+  display_name   = "tfClustersRouteTable"
+  route_rules {
+    destination       = "0.0.0.0/0"
+    destination_type  = "CIDR_BLOCK"
+    network_entity_id = oci_core_internet_gateway.test_ig.id
+  }
+}
+resource "oci_core_subnet" "test_subnet" {
+  #Required
+  cidr_block          = "10.0.20.0/24"
+  compartment_id      = var.compartment_ocid
+  vcn_id              = oci_core_vcn.test_vcn.id
+  # Provider code tries to maintain compatibility with old versions.
+  security_list_ids = [oci_core_vcn.test_vcn.default_security_list_id]
+  display_name      = "tfSubNet1ForNodePool"
+  route_table_id    = oci_core_route_table.test_route_table.id
+  ipv6cidr_block   = cidrsubnet(oci_core_vcn.test_vcn.ipv6cidr_blocks[0], 8, 1)  # Creating a /64 subnet from /56
+}
+resource "oci_core_security_list" "test_security_list" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.test_vcn.id
+  display_name   = "Default Security List for virtual node pool"
+  egress_security_rules {
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "all"
+    stateless        = false
+    description      = "Allowing egress to all via all protocols."
+  }
+  ingress_security_rules {
+    source           = "10.0.0.0/16"
+    source_type      = "CIDR_BLOCK"
+    protocol         = "all"
+    stateless        = false
+  }
+  ingress_security_rules {
+    protocol    = 6 # local.TCP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = false
+    description = "Allowing ingress to all via TCP"
+    # Optional
+    tcp_options {
+      max = "6443"
+      min = "6443"
+      source_port_range {
+        max = "1521"
+        min = "1521"
+      }
+    }
+  }
+  ingress_security_rules {
+    # Optional
+    icmp_options {
+      code = "4"
+      type = "3"
+    }
+    protocol    = 1 # local.ICMP
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = false
+    description = "Allowing ingress to all via ICMP"
+  }
+  ingress_security_rules {
+    # Optional
+    icmp_options {
+      code = "-1"
+      type = "3"
+    }
+    protocol    = 1 # local.ICMP
+    source      = "10.0.0.0/16"
+    source_type = "CIDR_BLOCK"
+    stateless   = false
+  }
+}
+
+# Create a dual stack cluster
+resource "oci_containerengine_cluster" "test_cluster" {
+  #Required
+  compartment_id     = var.compartment_ocid
+  kubernetes_version = reverse(data.oci_containerengine_cluster_option.test_cluster_option.kubernetes_versions)[0]
+  name               = "tfTestClusterDualStack"
+  vcn_id             = oci_core_vcn.test_vcn.id
+  type               = "ENHANCED_CLUSTER"
+  cluster_pod_network_options {
+    # VNPs require cni_type as OCI_VCN_IP_NATIVE
+    cni_type = "OCI_VCN_IP_NATIVE"
+  }
+  options {
+    ip_families = ["IPv4", "IPv6"]
+  }
+  endpoint_config {
+    #Optional
+    is_public_ip_enabled = true
+    nsg_ids              = ["${oci_core_network_security_group.network_security_group_rd.id}"]
+    subnet_id            = oci_core_subnet.test_subnet.id
+  }
+}
+resource "oci_core_network_security_group" "network_security_group_rd" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.test_vcn.id
+  display_name   = "displayName"
+}

internal/integrationtest/containerengine_cluster_test.go

@@ -84,9 +84,10 @@ var (
 		"key_details":       acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterImagePolicyConfigKeyDetailsRepresentation},
 	}
 	ContainerengineClusterOptionsRepresentation = map[string]interface{}{
-		"add_ons":                                     acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsAddOnsRepresentation},
-		"admission_controller_options":                acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsAdmissionControllerOptionsRepresentation},
-		"kubernetes_network_config":                   acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsKubernetesNetworkConfigRepresentation},
+		"add_ons":                      acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsAddOnsRepresentation},
+		"admission_controller_options": acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsAdmissionControllerOptionsRepresentation},
+		"ip_families":                  acctest.Representation{RepType: acctest.Optional, Create: []string{`IPv4`}},
+		"kubernetes_network_config":    acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsKubernetesNetworkConfigRepresentation},
 		"open_id_connect_token_authentication_config": acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsOpenIdConnectTokenAuthenticationConfigRepresentation},
 		"open_id_connect_discovery":                   acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsOpenIdConnectDiscoveryRepresentation},
 		"persistent_volume_config":                    acctest.RepresentationGroup{RepType: acctest.Optional, Group: ContainerengineClusterOptionsPersistentVolumeConfigRepresentation},
@@ -209,6 +210,9 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "options.0.add_ons.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.add_ons.0.is_kubernetes_dashboard_enabled", "true"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.add_ons.0.is_tiller_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "options.0.admission_controller_options.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "options.0.admission_controller_options.0.is_pod_security_policy_enabled", "false"),
+				resource.TestCheckResourceAttr(resourceName, "options.0.ip_families.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.kubernetes_network_config.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.kubernetes_network_config.0.pods_cidr", "10.1.0.0/16"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.kubernetes_network_config.0.services_cidr", "10.2.0.0/16"),
@@ -272,6 +276,9 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "options.0.add_ons.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.add_ons.0.is_kubernetes_dashboard_enabled", "true"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.add_ons.0.is_tiller_enabled", "true"),
+				resource.TestCheckResourceAttr(resourceName, "options.0.admission_controller_options.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "options.0.admission_controller_options.0.is_pod_security_policy_enabled", "false"),
+				resource.TestCheckResourceAttr(resourceName, "options.0.ip_families.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.kubernetes_network_config.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.kubernetes_network_config.0.pods_cidr", "10.1.0.0/16"),
 				resource.TestCheckResourceAttr(resourceName, "options.0.kubernetes_network_config.0.services_cidr", "10.2.0.0/16"),
@@ -327,6 +334,8 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.add_ons.#", "1"),
 				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.add_ons.0.is_kubernetes_dashboard_enabled", "true"),
 				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.add_ons.0.is_tiller_enabled", "true"),
+				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.admission_controller_options.#", "1"),
+				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.ip_families.#", "1"),
 				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.kubernetes_network_config.#", "1"),
 				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.kubernetes_network_config.0.pods_cidr", "10.1.0.0/16"),
 				resource.TestCheckResourceAttr(datasourceName, "clusters.0.options.0.kubernetes_network_config.0.services_cidr", "10.2.0.0/16"),
@@ -384,6 +393,7 @@ func TestContainerengineClusterResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(singularDatasourceName, "options.0.add_ons.0.is_kubernetes_dashboard_enabled", "true"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "options.0.add_ons.0.is_tiller_enabled", "true"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "options.0.admission_controller_options.#", "1"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "options.0.ip_families.#", "1"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "options.0.admission_controller_options.0.is_pod_security_policy_enabled", "false"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "options.0.kubernetes_network_config.#", "1"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "options.0.kubernetes_network_config.0.pods_cidr", "10.1.0.0/16"),

internal/service/containerengine/containerengine_cluster_resource.go

@@ -230,6 +230,15 @@ func ContainerengineClusterResource() *schema.Resource {
 								},
 							},
 						},
+						"ip_families": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Computed: true,
+							ForceNew: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
 						"kubernetes_network_config": {
 							Type:     schema.TypeList,
 							Optional: true,
@@ -463,6 +472,10 @@ func ContainerengineClusterResource() *schema.Resource {
 						// Optional
 
 						// Computed
+						"ipv6endpoint": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 						"kubernetes": {
 							Type:     schema.TypeString,
 							Computed: true,
@@ -1194,6 +1207,15 @@ func (s *ContainerengineClusterResourceCrud) mapToAddOnOptions(fieldKeyFormat st
 	return result, nil
 }
 
+// Helper function to convert []string to []containerengine.ClusterCreateOptionsIpFamiliesEnum
+func convertToClusterCreateOptionsIpFamiliesEnum(input []string) []oci_containerengine.ClusterCreateOptionsIpFamiliesEnum {
+	output := make([]oci_containerengine.ClusterCreateOptionsIpFamiliesEnum, len(input))
+	for i, v := range input {
+		output[i] = oci_containerengine.ClusterCreateOptionsIpFamiliesEnum(v)
+	}
+	return output
+}
+
 func AddOnOptionsToMap(obj *oci_containerengine.AddOnOptions) map[string]interface{} {
 	result := map[string]interface{}{}
 
@@ -1254,6 +1276,19 @@ func (s *ContainerengineClusterResourceCrud) mapToClusterCreateOptions(fieldKeyF
 		}
 	}
 
+	if ipFamilies, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "ip_families")); ok {
+		interfaces := ipFamilies.([]interface{})
+		tmp := make([]string, len(interfaces))
+		for i := range interfaces {
+			if interfaces[i] != nil {
+				tmp[i] = interfaces[i].(string)
+			}
+		}
+		if len(tmp) != 0 || s.D.HasChange(fmt.Sprintf(fieldKeyFormat, "ip_families")) {
+			result.IpFamilies = convertToClusterCreateOptionsIpFamiliesEnum(tmp)
+		}
+	}
+
 	if kubernetesNetworkConfig, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "kubernetes_network_config")); ok {
 		if tmpList := kubernetesNetworkConfig.([]interface{}); len(tmpList) > 0 {
 			fieldKeyFormatNextLevel := fmt.Sprintf("%s.%d.%%s", fmt.Sprintf(fieldKeyFormat, "kubernetes_network_config"), 0)
@@ -1397,6 +1432,8 @@ func ClusterCreateOptionsToMap(obj *oci_containerengine.ClusterCreateOptions) ma
 		result["admission_controller_options"] = []interface{}{AdmissionControllerOptionsToMap(obj.AdmissionControllerOptions)}
 	}
 
+	result["ip_families"] = obj.IpFamilies
+
 	if obj.KubernetesNetworkConfig != nil {
 		result["kubernetes_network_config"] = []interface{}{KubernetesNetworkConfigToMap(obj.KubernetesNetworkConfig)}
 	}
@@ -1425,6 +1462,10 @@ func ClusterCreateOptionsToMap(obj *oci_containerengine.ClusterCreateOptions) ma
 func ClusterEndpointsToMap(obj *oci_containerengine.ClusterEndpoints) map[string]interface{} {
 	result := map[string]interface{}{}
 
+	if obj.Ipv6Endpoint != nil {
+		result["ipv6endpoint"] = string(*obj.Ipv6Endpoint)
+	}
+
 	if obj.Kubernetes != nil {
 		result["kubernetes"] = string(*obj.Kubernetes)
 	}

website/docs/d/containerengine_cluster.html.markdown

@@ -42,6 +42,7 @@ The following attributes are exported:
 	* `nsg_ids` - A list of the OCIDs of the network security groups (NSGs) to apply to the cluster endpoint. For more information about NSGs, see [NetworkSecurityGroup](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/NetworkSecurityGroup/). 
 	* `subnet_id` - The OCID of the regional subnet in which to place the Cluster endpoint.
 * `endpoints` - Endpoints served up by the cluster masters.
+	* `ipv6endpoint` - The IPv6 networking Kubernetes API server endpoint.
 	* `kubernetes` - The non-native networking Kubernetes API server endpoint.
 	* `private_endpoint` - The private native networking Kubernetes API server endpoint.
 	* `public_endpoint` - The public native networking Kubernetes API server endpoint, if one was requested.
@@ -73,6 +74,7 @@ The following attributes are exported:
 		* `is_tiller_enabled` - Whether or not to enable the Tiller add-on.
 	* `admission_controller_options` - Configurable cluster admission controllers
 		* `is_pod_security_policy_enabled` - Whether or not to enable the Pod Security Policy admission controller.
+	* `ip_families` - IP family to use for single stack or define the order of IP families for dual-stack
 	* `kubernetes_network_config` - Network configuration for Kubernetes.
 		* `pods_cidr` - The CIDR block for Kubernetes pods. Optional, defaults to 10.244.0.0/16.
 		* `services_cidr` - The CIDR block for Kubernetes services. Optional, defaults to 10.96.0.0/16.

website/docs/d/containerengine_clusters.html.markdown

@@ -54,6 +54,7 @@ The following attributes are exported:
 	* `nsg_ids` - A list of the OCIDs of the network security groups (NSGs) to apply to the cluster endpoint. For more information about NSGs, see [NetworkSecurityGroup](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/NetworkSecurityGroup/). 
 	* `subnet_id` - The OCID of the regional subnet in which to place the Cluster endpoint.
 * `endpoints` - Endpoints served up by the cluster masters.
+	* `ipv6endpoint` - The IPv6 networking Kubernetes API server endpoint.
 	* `kubernetes` - The non-native networking Kubernetes API server endpoint.
 	* `private_endpoint` - The private native networking Kubernetes API server endpoint.
 	* `public_endpoint` - The public native networking Kubernetes API server endpoint, if one was requested.
@@ -86,6 +87,7 @@ The following attributes are exported:
 		* `is_tiller_enabled` - Whether or not to enable the Tiller add-on.
 	* `admission_controller_options` - Configurable cluster admission controllers
 		* `is_pod_security_policy_enabled` - Whether or not to enable the Pod Security Policy admission controller.
+	* `ip_families` - IP family to use for single stack or define the order of IP families for dual-stack
 	* `kubernetes_network_config` - Network configuration for Kubernetes.
 		* `pods_cidr` - The CIDR block for Kubernetes pods. Optional, defaults to 10.244.0.0/16.
 		* `services_cidr` - The CIDR block for Kubernetes services. Optional, defaults to 10.96.0.0/16.

website/docs/r/containerengine_cluster.html.markdown

@@ -61,6 +61,7 @@ resource "oci_containerengine_cluster" "test_cluster" {
 			#Optional
 			is_pod_security_policy_enabled = var.cluster_options_admission_controller_options_is_pod_security_policy_enabled
 		}
+		ip_families = var.cluster_options_ip_families
 		kubernetes_network_config {
 
 			#Optional
@@ -136,6 +137,7 @@ The following arguments are supported:
 		* `is_tiller_enabled` - (Optional) Whether or not to enable the Tiller add-on.
 	* `admission_controller_options` - (Optional) (Updatable) Configurable cluster admission controllers
 		* `is_pod_security_policy_enabled` - (Optional) (Updatable) Whether or not to enable the Pod Security Policy admission controller.
+	* `ip_families` - (Optional) IP family to use for single stack or define the order of IP families for dual-stack
 	* `kubernetes_network_config` - (Optional) Network configuration for Kubernetes.
 		* `pods_cidr` - (Optional) The CIDR block for Kubernetes pods. Optional, defaults to 10.244.0.0/16.
 		* `services_cidr` - (Optional) The CIDR block for Kubernetes services. Optional, defaults to 10.96.0.0/16.
@@ -182,6 +184,7 @@ The following attributes are exported:
 	* `nsg_ids` - A list of the OCIDs of the network security groups (NSGs) to apply to the cluster endpoint. For more information about NSGs, see [NetworkSecurityGroup](https://docs.cloud.oracle.com/iaas/api/#/en/iaas/20160918/NetworkSecurityGroup/). 
 	* `subnet_id` - The OCID of the regional subnet in which to place the Cluster endpoint.
 * `endpoints` - Endpoints served up by the cluster masters.
+	* `ipv6endpoint` - The IPv6 networking Kubernetes API server endpoint.
 	* `kubernetes` - The non-native networking Kubernetes API server endpoint.
 	* `private_endpoint` - The private native networking Kubernetes API server endpoint.
 	* `public_endpoint` - The public native networking Kubernetes API server endpoint, if one was requested.
@@ -214,6 +217,7 @@ The following attributes are exported:
 		* `is_tiller_enabled` - Whether or not to enable the Tiller add-on.
 	* `admission_controller_options` - Configurable cluster admission controllers
 		* `is_pod_security_policy_enabled` - Whether or not to enable the Pod Security Policy admission controller.
+	* `ip_families` - IP family to use for single stack or define the order of IP families for dual-stack
 	* `kubernetes_network_config` - Network configuration for Kubernetes.
 		* `pods_cidr` - The CIDR block for Kubernetes pods. Optional, defaults to 10.244.0.0/16.
 		* `services_cidr` - The CIDR block for Kubernetes services. Optional, defaults to 10.96.0.0/16.