Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation for IP family and gateways #118

Merged
merged 1 commit into from
Apr 28, 2023
Merged

Add validation for IP family and gateways #118

merged 1 commit into from
Apr 28, 2023

Conversation

tylerschultz
Copy link
Contributor

  • require IPv4 Gateway if addresses are IPv4
  • continue to not require IPv6 Gateway if addresses are IPv6
  • validate addresses are of the same family i.e cannot mix IPv4 and IPv6 addresses in a single pool
  • validate addresses and gateway are of the same family (if gateway is provided)

Relates to #70

We did some experimenting around cases with and without Gateway. We think this PR represents common understandings and preferences. This PR puts forth that Gateway should be required with pools/addresses that are IPv4, and Gateway should be optional when addresses are IPv6. We're open to feedback if these choices seem incorrect or too heavy handed.

We see that (at least in our envs) that we are able to launch IPv6 machines without configuring a Gateway. The default route is provided by Router Advertisements. This leads us to the conclusion that there are valid cases when using IPv6 that Gateway should not be required.

Asides:
We intend to PR CAPI so that Gateway is optional when the IPAddress contains an IPv6 address. We intend to PR CAPI so that it requires Gateway when the address is IPv4.

We intend to PR CAPV so that Gateway is optional when the IPAddress is IPv6.

@tylerschultz tylerschultz requested a review from schrej as a code owner April 13, 2023 17:28
schrej
schrej approved these changes Apr 17, 2023
View reviewed changes
Copy link
Member

@schrej schrej left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. let's wait for the capi decision though.

@tylerschultz tylerschultz force-pushed the require-gateway-ipv4-pool branch from e2639d7 to 7f4a441 Compare April 27, 2023 17:55
@tylerschultz
Copy link
Contributor Author

Given the decision made in CAPI, this PR has been rebased and updated to leave Gateway optional for both IPv4 and IPv6.

schrej
schrej requested changes Apr 27, 2023
View reviewed changes
internal/webhooks/inclusterippool.go Outdated Show resolved Hide resolved
@tylerschultz @christianang
Add validation for IP family and gateways
4e964ec 
- validate addresses are of the same family i.e cannot mix IPv4 and IPv6
  addresses in a single pool
- validate addresses and gateway are of the same family (if gateway is
  provided)

Co-authored-by: Christian Ang <[email protected]>
@tylerschultz tylerschultz force-pushed the require-gateway-ipv4-pool branch from 7f4a441 to 4e964ec Compare April 27, 2023 22:18
@schrej schrej merged commit d274a18 into kubernetes-sigs:main Apr 28, 2023
@tylerschultz tylerschultz deleted the require-gateway-ipv4-pool branch April 28, 2023 16:15
@tylerschultz tylerschultz mentioned this pull request Jun 29, 2023
Closed
@ekarlso ekarlso mentioned this pull request Sep 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schrej schrej schrej approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tylerschultz @schrej