Merge pull request #271 from arangodb/feature/disable-ipv6

Added `disableIPV6` Spec entry.

docs/Manual/Deployment/Kubernetes/DeploymentResource.md

@@ -325,10 +325,12 @@ servers.
 When not specified, no monitoring token is used.
 The default value is empty.
 
-### `spec.ipv6.forbidden: bool`
+### `spec.disableIPV6: bool`
 
 This setting prevents the use of IPv6 addresses by ArangoDB servers.
-The default is `false`.
+The default is `false`. 
+
+This setting cannot be changed after the deployment has been created.
 
 ### `spec.<group>.count: number`
 

pkg/apis/deployment/v1alpha/deployment_spec.go

@@ -51,6 +51,7 @@ type DeploymentSpec struct {
 	Image           *string         `json:"image,omitempty"`
 	ImagePullPolicy *v1.PullPolicy  `json:"imagePullPolicy,omitempty"`
 	DowntimeAllowed *bool           `json:"downtimeAllowed,omitempty"`
+	DisableIPV6     *bool           `json:"disableIPV6,omitempty"`
 
 	ExternalAccess ExternalAccessSpec `json:"externalAccess"`
 	RocksDB        RocksDBSpec        `json:"rocksdb"`
@@ -98,6 +99,19 @@ func (s DeploymentSpec) IsDowntimeAllowed() bool {
 	return util.BoolOrDefault(s.DowntimeAllowed)
 }
 
+// IsDisableIPV6 returns the value of disableIPV6.
+func (s DeploymentSpec) IsDisableIPV6() bool {
+	return util.BoolOrDefault(s.DisableIPV6)
+}
+
+// GetListenAddr returns "[::]" or "0.0.0.0" depending on IsDisableIPV6
+func (s DeploymentSpec) GetListenAddr() string {
+	if s.IsDisableIPV6() {
+		return "0.0.0.0"
+	}
+	return "[::]"
+}
+
 // IsAuthenticated returns true when authentication is enabled
 func (s DeploymentSpec) IsAuthenticated() bool {
 	return s.Authentication.IsAuthenticated()
@@ -180,6 +194,9 @@ func (s *DeploymentSpec) SetDefaultsFrom(source DeploymentSpec) {
 	if s.DowntimeAllowed == nil {
 		s.DowntimeAllowed = util.NewBoolOrNil(source.DowntimeAllowed)
 	}
+	if s.DisableIPV6 == nil {
+		s.DisableIPV6 = util.NewBoolOrNil(source.DisableIPV6)
+	}
 	s.ExternalAccess.SetDefaultsFrom(source.ExternalAccess)
 	s.RocksDB.SetDefaultsFrom(source.RocksDB)
 	s.Authentication.SetDefaultsFrom(source.Authentication)
@@ -269,6 +286,10 @@ func (s DeploymentSpec) ResetImmutableFields(target *DeploymentSpec) []string {
 		target.StorageEngine = NewStorageEngineOrNil(s.StorageEngine)
 		resetFields = append(resetFields, "storageEngine")
 	}
+	if s.IsDisableIPV6() != target.IsDisableIPV6() {
+		target.DisableIPV6 = util.NewBoolOrNil(s.DisableIPV6)
+		resetFields = append(resetFields, "disableIPV6")
+	}
 	if l := s.ExternalAccess.ResetImmutableFields("externalAccess", &target.ExternalAccess); l != nil {
 		resetFields = append(resetFields, l...)
 	}

pkg/apis/deployment/v1alpha/deployment_spec_test.go

@@ -96,6 +96,13 @@ func TestDeploymentSpecResetImmutableFields(t *testing.T) {
 			true,
 			[]string{"mode", "agents.count"},
 		},
+		{
+			DeploymentSpec{DisableIPV6: util.NewBool(false)},
+			DeploymentSpec{DisableIPV6: util.NewBool(true)},
+			DeploymentSpec{DisableIPV6: util.NewBool(false)},
+			false,
+			[]string{"disableIPV6"},
+		},
 	}
 
 	for _, test := range tests {

pkg/deployment/images.go

@@ -166,7 +166,7 @@ func (ib *imagesBuilder) fetchArangoDBImageIDAndVersion(ctx context.Context, ima
 	// Pod cannot be fetched, ensure it is created
 	args := []string{
 		"--server.authentication=false",
-		fmt.Sprintf("--server.endpoint=tcp://[::]:%d", k8sutil.ArangoPort),
+		fmt.Sprintf("--server.endpoint=tcp://%s:%d", ib.Spec.GetListenAddr(), k8sutil.ArangoPort),
 		"--database.directory=" + k8sutil.ArangodVolumeMountDir,
 		"--log.output=+",
 	}

pkg/deployment/resources/pod_creator.go

@@ -66,18 +66,13 @@ func createArangodArgs(apiObject metav1.Object, deplSpec api.DeploymentSpec, gro
 	options := make([]optionPair, 0, 64)
 	svrSpec := deplSpec.GetServerGroupSpec(group)
 
-	// Endpoint
-	listenAddr := "[::]"
-	/*	if apiObject.Spec.Di.DisableIPv6 {
-		listenAddr = "0.0.0.0"
-	}*/
 	//scheme := NewURLSchemes(bsCfg.SslKeyFile != "").Arangod
 	scheme := "tcp"
 	if deplSpec.IsSecure() {
 		scheme = "ssl"
 	}
 	options = append(options,
-		optionPair{"--server.endpoint", fmt.Sprintf("%s://%s:%d", scheme, listenAddr, k8sutil.ArangoPort)},
+		optionPair{"--server.endpoint", fmt.Sprintf("%s://%s:%d", scheme, deplSpec.GetListenAddr(), k8sutil.ArangoPort)},
 	)
 
 	// Authentication