forked from gardener/gardener
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[GEP-21] Handle Seed IPFamilies (IPv6) (gardener#7561)
* Replace decentralized FeatureGates with one centralized FeatureGate

  Signed-off-by: Niclas Schad <niclas.schad@stackit.de>

* Regenerate certificate for gardener-admission-controller webhook
* Enable featureGate IPv6SingleStack and load featuresGates before validating SeedConfig
* Only filter envoyfilter via port number

  Currently filtering by name restricts traffic to IPv4 only. By filtering via port number this restriction is resolved and all traffic is respected.

* Filter config files via ipFamily
* Deploy IPv6 ready gardenlet
* Set IPv6 CIDRs via skaffold
* Set IPv6 IPs for local development setup
* Update Documentation for IPv6 local development

  Signed-off-by: Felix Breuer <fbreuer@pm.me>

* Use net package to join host with port

  Signed-off-by: Felix Breuer <fbreuer@pm.me>

* Make `IPv6SingleStack` explanation clearer
* Document purpose of central feature gate map
* Clean up gardenlet `bootstrapKubeconfig` values

  Use the same `bootstrapKubeconfig` for all clusters with the in-cluster kubernetes service except for the kind2 cluster. With this, kind2 won't work with IPv6 single-stack, but we can live with this for now.

* Fix SC2235
* Switch back to kind node's hostname

  We tried to use `kubernetes.default.svc` instead of the kind node's hostname as the garden cluster address for the gardenlet values. This works from within the kind cluster itself also if it is IPv6 single-stack. However, it doesn't work from within `ManagedSeeds`. Hence, the managed seed e2e fails because gardenlet cannot register itself in the garden cluster.

* Document requirement for IPv6 `localhost` entry in `/etc/hosts`
* Introduce `garden.local.gardener.cloud` hostname that works everywhere

  This replaces the use of kind container names to reach the garden cluster and to reach the registry mirrors.

  This works in
  - the first and the second kind cluster
  - in IPv4 and IPv6 kind clusters

* Adapt `0.0.0.0/0` `NetworkPolicies`
* Use `net.JoinHostPort` in all components
* Drop `bindAddress=0.0.0.0` everywhere, drop unnecessary IPv6 switches

  `net.Listen` listens on all available IP addresses if the hostname (configured by `*bindAddress` fields) is omitted. I.e., this works for both IP families without explicit configuration. This simplifies a lot of config files and development scripts.

* Make `bindAddress` chart values optional
* Dump logs from containerd-configuration-local-setup service
* Fix IP and cert handling in provider-local process-based setup
* Add missing license header
* Add missing comment for `gardener-admission-controller` `clusterIP` usage
* Consistently set feature gates in `validate`
* Manage kind network ourselves
* Replace `jq` in `kind-up.sh` with `yq`
* Move `DefaultFeatureGate.SetFromMap` to `options.complete`

---------

Signed-off-by: Niclas Schad <niclas.schad@stackit.de>
Signed-off-by: Felix Breuer <fbreuer@pm.me>
Co-authored-by: Niclas Schad <niclas.schad@stackit.de>
Co-authored-by: Tim Ebert <timebertt@gmail.com>
1 parent a36c673, commit 375af56
Showing 123 changed files with 773 additions and 561 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,5 +21,7 @@ spec: | |
podSelector: {} | ||
- ipBlock: | ||
cidr: 0.0.0.0/0 | ||
- ipBlock: | ||
cidr: ::/0 | ||
policyTypes: | ||
- Egress |
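Review bot: the added `cidr: ::/0` entry has no `except` list and no comment, so next to the existing `cidr: 0.0.0.0/0` entry this egress rule now allows traffic to every destination in both address families. If allow-all is the intent, a short comment on the two `ipBlock` entries saying they must be kept in step would help: a later change that narrows the IPv4 block (for example by adding `except` ranges) would otherwise leave the IPv6 path fully open without anyone noticing. It is also worth confirming that the network plugin on IPv4-only clusters accepts an IPv6 `ipBlock`, or else rendering this entry only when the cluster's IP families include IPv6.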