Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

networking: option to enable ipv6 on bridge network #23882

Merged
merged 3 commits into from
Sep 4, 2024
Merged

networking: option to enable ipv6 on bridge network #23882

merged 3 commits into from
Sep 4, 2024

Conversation

gulducat
Copy link
Member

Users may optionally enable IPv6 on the Nomad bridge network mode by setting bridge_network_subnet_ipv6 in the client config.

Aside from that, there is a small functional change regarding our attempt to force-cleanup iptables if CNI fails to do so. Now if the postrouting rule is not found, it only logs that instead of returning an error. This way the new best-effort attempt to cleanup ip6tables can be less frightening in the logs if ipv6 isn't even enabled on the bridge.

Resolves #14101

@gulducat gulducat mentioned this pull request Aug 27, 2024
Closed
gulducat
gulducat commented Aug 27, 2024
View reviewed changes
client/allocrunner/cni/bridge.go
Comment on lines +45 to +46
ipRanges = append(ipRanges, []Range{{Subnet: conf.IPv6Subnet}})
ipRoutes = append(ipRoutes, Route{Dst: "::/0"})
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these are the meat and potatoes; everything else revolves around this.

tgross
tgross approved these changes Sep 3, 2024
View reviewed changes
Copy link
Member

@tgross tgross left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

command/agent/testdata/basic.json
Comment on lines 78 to +79
"bridge_network_subnet": "custom_bridge_subnet",
"bridge_network_subnet_ipv6": "custom_bridge_subnet_ipv6",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a little weird that our tests have invalid values here (I think these aren't valid?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a good point - they're not validated anywhere until they actually get used at allocation-time.

I always hated finding out about bad client config that way, when an alloc fails through no fault of the jobspec. I would prefer to have the client fail to start instead of be sitting around quietly poisoned. Would this be a good place to add a check?

https://github.com/hashicorp/nomad/pull/23882/files#diff-430a3b367fc84668c6ae1cb6936b7a7b5c5b321f42aa754c23618f848faf87b1R893

I can also add validation for custom ipv4 subnet while I'm in here, too. A major version bump is probably a good time to go for that, eh?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that looks like as good a place as any... there's a few other bits of client config validation we do there.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went down the road of requiring that these test configs be valid, but the test cases are really about parsing the HCL, not also validating them, which happens a little later.

So in a2f436b I just added unit tests around the one function that I added the validation to, and left these values as they are.

tgross
tgross reviewed Sep 3, 2024
View reviewed changes
command/agent/agent.go Outdated Show resolved Hide resolved
@gulducat gulducat added this to the 1.9.0 milestone Sep 3, 2024
tgross
tgross approved these changes Sep 4, 2024
View reviewed changes
Copy link
Member

@tgross tgross left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gulducat gulducat merged commit 2f5cf8e into main Sep 4, 2024
21 checks passed
@gulducat gulducat deleted the ipv6-bridge-rebase branch September 4, 2024 15:17
@gulducat gulducat mentioned this pull request Sep 4, 2024
Closed
@gulducat gulducat mentioned this pull request Sep 13, 2024
Merged
@gulducat gulducat mentioned this pull request Oct 14, 2024
Merged
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Oct 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgross tgross tgross approved these changes

@shoenig shoenig Awaiting requested review from shoenig

@jrasell jrasell Awaiting requested review from jrasell

Assignees
No one assigned
Labels
theme/ipv6 theme/networking
Projects
None yet
Milestone
1.9.0
Development

Successfully merging this pull request may close these issues.

support ipv6 connectivity for the bridge network
3 participants
@gulducat @tgross @martisah