From 0963bff519f6ef2bb0f708c700a2162548f2b7fd Mon Sep 17 00:00:00 2001 From: Eduardo Almeida Date: Wed, 30 Apr 2025 17:07:02 -0300 Subject: [PATCH] Add ingress-nginx support to dual-stack via overrides MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enable nginx service to use IPv4 and IPv6 on the cluster network. Update overrides to compute `ipFamilies` from address pools and set `ipFamilyPolicy: PreferDualStack`, prioritizing the cluster’s primary pool. Test Cases: PASS: build-pkgs. PASS: On an AIO-SX system with dual stack configured: - Running `kubectl describe` for the nginx service pod should return both IPv4 and IPv6 on the `IP Family Policy` section. - Attaching to a running pod and performing a `nslookup` on the nginx service name should return ips for both families. Closes-Bug: 2109791 Change-Id: I996b8d37a2fa41b85835261e69906a8ed9be5e07 Signed-off-by: Eduardo Almeida --- .../helm/ingress_nginx.py | 40 +++++++++++++++++-- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/python3-k8sapp-nginx-ingress-controller/k8sapp_nginx_ingress_controller/k8sapp_nginx_ingress_controller/helm/ingress_nginx.py b/python3-k8sapp-nginx-ingress-controller/k8sapp_nginx_ingress_controller/k8sapp_nginx_ingress_controller/helm/ingress_nginx.py index 30a6676..63c8cf4 100644 --- a/python3-k8sapp-nginx-ingress-controller/k8sapp_nginx_ingress_controller/k8sapp_nginx_ingress_controller/helm/ingress_nginx.py +++ b/python3-k8sapp-nginx-ingress-controller/k8sapp_nginx_ingress_controller/k8sapp_nginx_ingress_controller/helm/ingress_nginx.py @@ -7,6 +7,7 @@ from k8sapp_nginx_ingress_controller.common import constants as app_constants from oslo_log import log from sysinv.common import constants from sysinv.common import exception +from sysinv.common import utils from sysinv.helm import base LOG = log.getLogger(__name__) @@ -26,17 +27,48 @@ class IngressNginxHelm(base.BaseHelm): [app_constants.HELM_NS_NGINX_INGRESS_CONTROLLER] } + ADDR_NAME = utils.format_address_name( + constants.CONTROLLER_HOSTNAME, + constants.NETWORK_TYPE_OAM) + + def _compute_ip_family_policy(self): + """ + Compute the IP family policy and list of IP families + for the service, based on configured address pools. + + Returns a tuple of (policy, ip_families), where: + - policy is "PreferDualStack" if both IPv4 and + IPv6 pools are present, otherwise "SingleStack". + - ip_families is a list of unique families, with the + primary pool family first in dual-stack scenarios. + """ + addresses = self.dbapi.address_get_by_name(self.ADDR_NAME) + family_map = {4: 'IPv4', 6: 'IPv6'} + + # collect unique families + ip_families = {family_map[addr.family] for addr in addresses} + + # Dual-stack: primary first + if len(ip_families) > 1: + networks = self.dbapi.networks_get_by_type( + constants.NETWORK_TYPE_OAM) + primary = networks[0].primary_pool_family + ip_families.discard(primary) + return "PreferDualStack", [primary] + list(ip_families) + + # Single-stack + return "SingleStack", list(ip_families) + def get_overrides(self, namespace=None): LOG.info("Generating system_overrides for %s chart." % self.CHART) - ip_family = "IPv6" if self._is_ipv6_cluster_service() else "IPv4" + policy, families = self._compute_ip_family_policy() overrides = { app_constants.HELM_NS_NGINX_INGRESS_CONTROLLER: { 'controller': { 'service': { - 'ipFamilies': [ - ip_family - ] + 'ipFamilyPolicy': policy, + 'ipFamilies': families } }, 'fullnameOverride': 'ic-nginx-ingress-ingress-nginx'