Add ipv6 support to capd

quickstart e2e test can be run with:
```
IP_FAMILY=IPv6 \
DOCKER_SERVICE_CIDRS="fd00:100:64::/108" \
DOCKER_POD_CIDRS="fd00:100:96::/48" \
make test-e2e
```
Note: POD_SUBNET in kindnet.yaml is now set automatically based on DOCKER_POD_CIDRS

IPFamily() method on Cluster determines the ip family
based on the service CIDRs and pod CIDRs. This is used by the docker
provider to configure the docker machines accordingly.

Co-authored-by: Christian Ang <[email protected]>

Author: mcwumbly

api/v1alpha4/cluster_types.go

@@ -21,6 +21,7 @@ import (
 	"net"
 	"strings"
 
+	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/pointer"
@@ -215,6 +216,87 @@ func (c *Cluster) SetConditions(conditions Conditions) {
 	c.Status.Conditions = conditions
 }
 
+func (c *Cluster) GetIPFamily() (ClusterIPFamily, error) {
+	var podCIDRs, serviceCIDRs []string
+	if c.Spec.ClusterNetwork != nil {
+		if c.Spec.ClusterNetwork.Pods != nil {
+			podCIDRs = c.Spec.ClusterNetwork.Pods.CIDRBlocks
+		}
+		if c.Spec.ClusterNetwork.Services != nil {
+			serviceCIDRs = c.Spec.ClusterNetwork.Services.CIDRBlocks
+		}
+	}
+	if len(podCIDRs) == 0 && len(serviceCIDRs) == 0 {
+		return IPv4IPFamily, nil
+	}
+
+	podsIPFamily, err := ipFamilyForCIDRStrings(podCIDRs)
+	if err != nil {
+		return InvalidIPFamily, fmt.Errorf("pods: %s", err)
+	}
+	if len(serviceCIDRs) == 0 {
+		return podsIPFamily, nil
+	}
+
+	servicesIPFamily, err := ipFamilyForCIDRStrings(serviceCIDRs)
+	if err != nil {
+		return InvalidIPFamily, fmt.Errorf("services: %s", err)
+	}
+	if len(podCIDRs) == 0 {
+		return servicesIPFamily, nil
+	}
+
+	if podsIPFamily == DualStackIPFamily {
+		return DualStackIPFamily, nil
+	} else if podsIPFamily != servicesIPFamily {
+		return InvalidIPFamily, errors.New("pods and services IP family mismatch")
+	}
+
+	return podsIPFamily, nil
+}
+
+func ipFamilyForCIDRStrings(cidrs []string) (ClusterIPFamily, error) {
+	if len(cidrs) > 2 {
+		return InvalidIPFamily, errors.New("too many CIDRs specified")
+	}
+	var foundIPv4 bool
+	var foundIPv6 bool
+	for _, cidr := range cidrs {
+		ip, _, err := net.ParseCIDR(cidr)
+		if err != nil {
+			return InvalidIPFamily, fmt.Errorf("could not parse CIDR: %s", err)
+		}
+		if ip.To4() != nil {
+			foundIPv4 = true
+		} else {
+			foundIPv6 = true
+		}
+	}
+	switch {
+	case foundIPv4 && foundIPv6:
+		return DualStackIPFamily, nil
+	case foundIPv4:
+		return IPv4IPFamily, nil
+	case foundIPv6:
+		return IPv6IPFamily, nil
+	default:
+		return InvalidIPFamily, nil
+	}
+}
+
+type ClusterIPFamily int
+
+const (
+	InvalidIPFamily ClusterIPFamily = iota
+	IPv4IPFamily
+	IPv6IPFamily
+	DualStackIPFamily
+)
+
+func (f ClusterIPFamily) String() string {
+	return [...]string{"InvalidIPFamily", "IPv4IPFamily", "IPv6IPFamily", "DualStackIPFamily"}[f]
+}
+
 // +kubebuilder:object:root=true
 
 // ClusterList contains a list of Cluster.

api/v1alpha4/cluster_types_test.go

@@ -0,0 +1,197 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha4
+
+import (
+	"testing"
+
+	. "github.com/onsi/gomega"
+)
+
+func TestClusterIPFamily(t *testing.T) {
+	clusterWithNetwork := func(podCIDRs, serviceCIDRs []string) *Cluster {
+		return &Cluster{
+			Spec: ClusterSpec{
+				ClusterNetwork: &ClusterNetwork{
+					Pods: &NetworkRanges{
+						CIDRBlocks: podCIDRs,
+					},
+					Services: &NetworkRanges{
+						CIDRBlocks: serviceCIDRs,
+					},
+				},
+			},
+		}
+	}
+
+	validAndUnambiguous := []struct {
+		name      string
+		expectRes ClusterIPFamily
+		c         *Cluster
+	}{
+		{
+			name:      "pods: ipv4, services: ipv4",
+			expectRes: IPv4IPFamily,
+			c:         clusterWithNetwork([]string{"192.168.0.0/16"}, []string{"10.128.0.0/12"}),
+		},
+		{
+			name:      "pods: ipv4, services: nil",
+			expectRes: IPv4IPFamily,
+			c:         clusterWithNetwork([]string{"192.168.0.0/16"}, nil),
+		},
+		{
+			name:      "pods: ipv6, services: nil",
+			expectRes: IPv6IPFamily,
+			c:         clusterWithNetwork([]string{"fd00:100:96::/48"}, nil),
+		},
+		{
+			name:      "pods: ipv6, services: ipv6",
+			expectRes: IPv6IPFamily,
+			c:         clusterWithNetwork([]string{"fd00:100:96::/48"}, []string{"fd00:100:64::/108"}),
+		},
+		{
+			name:      "pods: dual-stack, services: nil",
+			expectRes: DualStackIPFamily,
+			c:         clusterWithNetwork([]string{"192.168.0.0/16", "fd00:100:96::/48"}, nil),
+		},
+		{
+			name:      "pods: dual-stack, services: ipv4",
+			expectRes: DualStackIPFamily,
+			c:         clusterWithNetwork([]string{"192.168.0.0/16", "fd00:100:96::/48"}, []string{"10.128.0.0/12"}),
+		},
+		{
+			name:      "pods: dual-stack, services: ipv6",
+			expectRes: DualStackIPFamily,
+			c:         clusterWithNetwork([]string{"192.168.0.0/16", "fd00:100:96::/48"}, []string{"fd00:100:64::/108"}),
+		},
+		{
+			name:      "pods: dual-stack, services: dual-stack",
+			expectRes: DualStackIPFamily,
+			c:         clusterWithNetwork([]string{"192.168.0.0/16", "fd00:100:96::/48"}, []string{"10.128.0.0/12", "fd00:100:64::/108"}),
+		},
+		{
+			name:      "pods: nil, services: dual-stack",
+			expectRes: DualStackIPFamily,
+			c:         clusterWithNetwork(nil, []string{"10.128.0.0/12", "fd00:100:64::/108"}),
+		},
+	}
+
+	for _, tt := range validAndUnambiguous {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			ipFamily, err := tt.c.GetIPFamily()
+			g.Expect(ipFamily).To(Equal(tt.expectRes))
+			g.Expect(err).NotTo(HaveOccurred())
+		})
+	}
+
+	validButAmbiguous := []struct {
+		name      string
+		expectRes ClusterIPFamily
+		c         *Cluster
+	}{
+		{
+			name: "pods: nil, services: nil",
+			// this could  be ipv4, ipv6, or dual-stack; assume ipv4 for now though
+			expectRes: IPv4IPFamily,
+			c:         clusterWithNetwork(nil, nil),
+		},
+		{
+			name: "pods: nil, services: ipv4",
+			// this could be a dual-stack; assume ipv4 for now though
+			expectRes: IPv4IPFamily,
+			c:         clusterWithNetwork(nil, []string{"10.128.0.0/12"}),
+		},
+		{
+			name: "pods: nil, services: ipv6",
+			// this could be dual-stack; assume ipv6 for now though
+			expectRes: IPv6IPFamily,
+			c:         clusterWithNetwork(nil, []string{"fd00:100:64::/108"}),
+		},
+	}
+
+	for _, tt := range validButAmbiguous {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			ipFamily, err := tt.c.GetIPFamily()
+			g.Expect(ipFamily).To(Equal(tt.expectRes))
+			g.Expect(err).NotTo(HaveOccurred())
+		})
+	}
+
+	invalid := []struct {
+		name      string
+		expectErr string
+		c         *Cluster
+	}{
+		{
+			name:      "pods: ipv4, services: ipv6",
+			expectErr: "pods and services IP family mismatch",
+			c:         clusterWithNetwork([]string{"192.168.0.0/16"}, []string{"fd00:100:64::/108"}),
+		},
+		{
+			name:      "pods: ipv6, services: ipv4",
+			expectErr: "pods and services IP family mismatch",
+			c:         clusterWithNetwork([]string{"fd00:100:96::/48"}, []string{"10.128.0.0/12"}),
+		},
+		{
+			name:      "pods: ipv6, services: dual-stack",
+			expectErr: "pods and services IP family mismatch",
+			c:         clusterWithNetwork([]string{"fd00:100:96::/48"}, []string{"10.128.0.0/12", "fd00:100:64::/108"}),
+		},
+		{
+			name:      "pods: ipv4, services: dual-stack",
+			expectErr: "pods and services IP family mismatch",
+			c:         clusterWithNetwork([]string{"192.168.0.0/16"}, []string{"10.128.0.0/12", "fd00:100:64::/108"}),
+		},
+		{
+			name:      "pods: ipv4, services: dual-stack",
+			expectErr: "pods and services IP family mismatch",
+			c:         clusterWithNetwork([]string{"192.168.0.0/16"}, []string{"10.128.0.0/12", "fd00:100:64::/108"}),
+		},
+		{
+			name:      "pods: bad cidr",
+			expectErr: "pods: could not parse CIDR",
+			c:         clusterWithNetwork([]string{"foo"}, nil),
+		},
+		{
+			name:      "services: bad cidr",
+			expectErr: "services: could not parse CIDR",
+			c:         clusterWithNetwork([]string{"192.168.0.0/16"}, []string{"foo"}),
+		},
+		{
+			name:      "pods: too many cidrs",
+			expectErr: "pods: too many CIDRs specified",
+			c:         clusterWithNetwork([]string{"192.168.0.0/16", "fd00:100:96::/48", "10.128.0.0/12"}, nil),
+		},
+		{
+			name:      "services: too many cidrs",
+			expectErr: "services: too many CIDRs specified",
+			c:         clusterWithNetwork(nil, []string{"192.168.0.0/16", "fd00:100:96::/48", "10.128.0.0/12"}),
+		},
+	}
+
+	for _, tt := range invalid {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			ipFamily, err := tt.c.GetIPFamily()
+			g.Expect(err).To(HaveOccurred())
+			g.Expect(err).To(MatchError(ContainSubstring(tt.expectErr)))
+			g.Expect(ipFamily).To(Equal(InvalidIPFamily))
+		})
+	}
+}

test/e2e/Makefile

@@ -69,6 +69,7 @@ cluster-templates-v1alpha4: $(KUSTOMIZE) ## Generate cluster templates for v1alp
 	$(KUSTOMIZE) build $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-node-drain --load_restrictor none > $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-node-drain.yaml
 	$(KUSTOMIZE) build $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-upgrades --load_restrictor none > $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-upgrades.yaml
 	$(KUSTOMIZE) build $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-kcp-scale-in --load_restrictor none > $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-kcp-scale-in.yaml
+	$(KUSTOMIZE) build $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-ipv6 --load_restrictor none > $(DOCKER_TEMPLATES)/v1alpha4/cluster-template-ipv6.yaml
 ## --------------------------------------
 ## Testing
 ## --------------------------------------

test/e2e/common.go

@@ -40,6 +40,7 @@ const (
 	KubernetesVersionUpgradeTo   = "KUBERNETES_VERSION_UPGRADE_TO"
 	EtcdVersionUpgradeTo         = "ETCD_VERSION_UPGRADE_TO"
 	CoreDNSVersionUpgradeTo      = "COREDNS_VERSION_UPGRADE_TO"
+	IPFamily                     = "IP_FAMILY"
 )
 
 func Byf(format string, a ...interface{}) {

test/e2e/config/docker.yaml

@@ -104,6 +104,7 @@ providers:
     - sourcePath: "../data/infrastructure-docker/v1alpha4/cluster-template-node-drain.yaml"
     - sourcePath: "../data/infrastructure-docker/v1alpha4/cluster-template-upgrades.yaml"
     - sourcePath: "../data/infrastructure-docker/v1alpha4/cluster-template-kcp-scale-in.yaml"
+    - sourcePath: "../data/infrastructure-docker/v1alpha4/cluster-template-ipv6.yaml"
     - sourcePath: "../data/shared/v1alpha4/metadata.yaml"
 
 variables:
@@ -115,8 +116,8 @@ variables:
   KUBERNETES_VERSION_UPGRADE_TO: "v1.19.1"
   KUBERNETES_VERSION_UPGRADE_FROM: "v1.18.2"
   DOCKER_SERVICE_DOMAIN: "cluster.local"
+  IP_FAMILY: "IPv4"
   DOCKER_SERVICE_CIDRS: "10.128.0.0/12"
-  # IMPORTANT! This values should match the one used by the CNI provider
   DOCKER_POD_CIDRS: "192.168.0.0/16"
   CNI: "./data/cni/kindnet/kindnet.yaml"
   EXP_CLUSTER_RESOURCE_SET: "true"

test/e2e/data/cni/kindnet/kindnet.yaml

@@ -78,7 +78,7 @@ spec:
                 fieldRef:
                   fieldPath: status.podIP
             - name: POD_SUBNET
-              value: "192.168.0.0/16"
+              value: '${DOCKER_POD_CIDRS}'
           volumeMounts:
             - name: cni-cfg
               mountPath: /etc/cni/net.d

test/e2e/data/infrastructure-docker/v1alpha4/cluster-template-ipv6/kcp-ipv6.yaml

@@ -0,0 +1,22 @@
+---
+kind: KubeadmControlPlane
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+metadata:
+  name: "${CLUSTER_NAME}-control-plane"
+spec:
+  kubeadmConfigSpec:
+    clusterConfiguration:
+      apiServer:
+        # host.docker.internal is required by kubetest when running on MacOS because of the way ports are proxied.
+        certSANs: [localhost, "::", "::1", host.docker.internal]
+    initConfiguration:
+      localAPIEndpoint:
+        advertiseAddress: '::'
+        bindPort: 6443
+      nodeRegistration:
+        kubeletExtraArgs:
+          node-ip: "::"
+    joinConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          node-ip: "::"

test/e2e/data/infrastructure-docker/v1alpha4/cluster-template-ipv6/kustomization.yaml

@@ -0,0 +1,8 @@
+bases:
+  - ../bases/cluster-with-kcp.yaml
+  - ../bases/md.yaml
+  - ../bases/crs.yaml
+
+patchesStrategicMerge:
+  - ./md-ipv6.yaml
+  - ./kcp-ipv6.yaml

test/e2e/data/infrastructure-docker/v1alpha4/cluster-template-ipv6/md-ipv6.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
+kind: KubeadmConfigTemplate
+metadata:
+  name: "${CLUSTER_NAME}-md-0"
+spec:
+  template:
+    spec:
+      initConfiguration:
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-ip: "::"
+      joinConfiguration:
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-ip: "::"

test/e2e/e2e_suite_test.go

@@ -185,6 +185,7 @@ func setupBootstrapCluster(config *clusterctl.E2EConfig, scheme *runtime.Scheme,
 			Name:               config.ManagementClusterName,
 			RequiresDockerSock: config.HasDockerProvider(),
 			Images:             config.Images,
+			IPFamily:           config.GetVariable(IPFamily),
 		})
 		Expect(clusterProvider).ToNot(BeNil(), "Failed to create a bootstrap cluster")