diff --git a/docs/Manual/Deployment/Kubernetes/DeploymentResource.md b/docs/Manual/Deployment/Kubernetes/DeploymentResource.md index 01a3d80ab..1e05de4aa 100644 --- a/docs/Manual/Deployment/Kubernetes/DeploymentResource.md +++ b/docs/Manual/Deployment/Kubernetes/DeploymentResource.md @@ -325,10 +325,12 @@ servers. When not specified, no monitoring token is used. The default value is empty. -### `spec.ipv6.forbidden: bool` +### `spec.disableIPV6: bool` This setting prevents the use of IPv6 addresses by ArangoDB servers. -The default is `false`. +The default is `false`. + +This setting cannot be changed after the deployment has been created. ### `spec..count: number` diff --git a/pkg/apis/deployment/v1alpha/deployment_spec.go b/pkg/apis/deployment/v1alpha/deployment_spec.go index aff2041a0..5c51a4728 100644 --- a/pkg/apis/deployment/v1alpha/deployment_spec.go +++ b/pkg/apis/deployment/v1alpha/deployment_spec.go @@ -51,6 +51,7 @@ type DeploymentSpec struct { Image *string `json:"image,omitempty"` ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"` DowntimeAllowed *bool `json:"downtimeAllowed,omitempty"` + DisableIPV6 *bool `json:"disableIPV6,omitempty"` ExternalAccess ExternalAccessSpec `json:"externalAccess"` RocksDB RocksDBSpec `json:"rocksdb"` @@ -98,6 +99,19 @@ func (s DeploymentSpec) IsDowntimeAllowed() bool { return util.BoolOrDefault(s.DowntimeAllowed) } +// IsDisableIPV6 returns the value of disableIPV6. +func (s DeploymentSpec) IsDisableIPV6() bool { + return util.BoolOrDefault(s.DisableIPV6) +} + +// GetListenAddr returns "[::]" or "0.0.0.0" depending on IsDisableIPV6 +func (s DeploymentSpec) GetListenAddr() string { + if s.IsDisableIPV6() { + return "0.0.0.0" + } + return "[::]" +} + // IsAuthenticated returns true when authentication is enabled func (s DeploymentSpec) IsAuthenticated() bool { return s.Authentication.IsAuthenticated() @@ -180,6 +194,9 @@ func (s *DeploymentSpec) SetDefaultsFrom(source DeploymentSpec) { if s.DowntimeAllowed == nil { s.DowntimeAllowed = util.NewBoolOrNil(source.DowntimeAllowed) } + if s.DisableIPV6 == nil { + s.DisableIPV6 = util.NewBoolOrNil(source.DisableIPV6) + } s.ExternalAccess.SetDefaultsFrom(source.ExternalAccess) s.RocksDB.SetDefaultsFrom(source.RocksDB) s.Authentication.SetDefaultsFrom(source.Authentication) @@ -269,6 +286,10 @@ func (s DeploymentSpec) ResetImmutableFields(target *DeploymentSpec) []string { target.StorageEngine = NewStorageEngineOrNil(s.StorageEngine) resetFields = append(resetFields, "storageEngine") } + if s.IsDisableIPV6() != target.IsDisableIPV6() { + target.DisableIPV6 = util.NewBoolOrNil(s.DisableIPV6) + resetFields = append(resetFields, "disableIPV6") + } if l := s.ExternalAccess.ResetImmutableFields("externalAccess", &target.ExternalAccess); l != nil { resetFields = append(resetFields, l...) } diff --git a/pkg/apis/deployment/v1alpha/deployment_spec_test.go b/pkg/apis/deployment/v1alpha/deployment_spec_test.go index f3fd5e3c4..4bd447905 100644 --- a/pkg/apis/deployment/v1alpha/deployment_spec_test.go +++ b/pkg/apis/deployment/v1alpha/deployment_spec_test.go @@ -96,6 +96,13 @@ func TestDeploymentSpecResetImmutableFields(t *testing.T) { true, []string{"mode", "agents.count"}, }, + { + DeploymentSpec{DisableIPV6: util.NewBool(false)}, + DeploymentSpec{DisableIPV6: util.NewBool(true)}, + DeploymentSpec{DisableIPV6: util.NewBool(false)}, + false, + []string{"disableIPV6"}, + }, } for _, test := range tests { diff --git a/pkg/apis/deployment/v1alpha/zz_generated.deepcopy.go b/pkg/apis/deployment/v1alpha/zz_generated.deepcopy.go index 9afc322e4..37e37b3a4 100644 --- a/pkg/apis/deployment/v1alpha/zz_generated.deepcopy.go +++ b/pkg/apis/deployment/v1alpha/zz_generated.deepcopy.go @@ -239,6 +239,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) { *out = new(bool) **out = **in } + if in.DisableIPV6 != nil { + in, out := &in.DisableIPV6, &out.DisableIPV6 + *out = new(bool) + **out = **in + } in.ExternalAccess.DeepCopyInto(&out.ExternalAccess) in.RocksDB.DeepCopyInto(&out.RocksDB) in.Authentication.DeepCopyInto(&out.Authentication) diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go index 565d06a0f..479305f5c 100644 --- a/pkg/deployment/images.go +++ b/pkg/deployment/images.go @@ -166,7 +166,7 @@ func (ib *imagesBuilder) fetchArangoDBImageIDAndVersion(ctx context.Context, ima // Pod cannot be fetched, ensure it is created args := []string{ "--server.authentication=false", - fmt.Sprintf("--server.endpoint=tcp://[::]:%d", k8sutil.ArangoPort), + fmt.Sprintf("--server.endpoint=tcp://%s:%d", ib.Spec.GetListenAddr(), k8sutil.ArangoPort), "--database.directory=" + k8sutil.ArangodVolumeMountDir, "--log.output=+", } diff --git a/pkg/deployment/resources/pod_creator.go b/pkg/deployment/resources/pod_creator.go index 58fa7833a..a60957f8e 100644 --- a/pkg/deployment/resources/pod_creator.go +++ b/pkg/deployment/resources/pod_creator.go @@ -66,18 +66,13 @@ func createArangodArgs(apiObject metav1.Object, deplSpec api.DeploymentSpec, gro options := make([]optionPair, 0, 64) svrSpec := deplSpec.GetServerGroupSpec(group) - // Endpoint - listenAddr := "[::]" - /* if apiObject.Spec.Di.DisableIPv6 { - listenAddr = "0.0.0.0" - }*/ //scheme := NewURLSchemes(bsCfg.SslKeyFile != "").Arangod scheme := "tcp" if deplSpec.IsSecure() { scheme = "ssl" } options = append(options, - optionPair{"--server.endpoint", fmt.Sprintf("%s://%s:%d", scheme, listenAddr, k8sutil.ArangoPort)}, + optionPair{"--server.endpoint", fmt.Sprintf("%s://%s:%d", scheme, deplSpec.GetListenAddr(), k8sutil.ArangoPort)}, ) // Authentication