Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sc-119059): set IPv6 node external IP if there is an address, instead of IPv6Enabled flag #101

Closed
wants to merge 2 commits into from
Closed

fix(sc-119059): set IPv6 node external IP if there is an address, instead of IPv6Enabled flag #101

wants to merge 2 commits into from

Conversation

nerzhul
Copy link
Contributor

@nerzhul nerzhul commented Feb 5, 2025
edited
Loading

Description

Regarding an issue we found internally, AnnotationAlphaProvidedIPAddr is set to a Single IP, meaning IPv6 addresses are ignored by CCM This will result by IPv4 only node status. IPv6 addresses are mandatory here since cilium 1.17.
If IPv6 is enabled on cilium and node don't have IPv6 addresses, the related pod startup fail with this error:

failed to start: daemon creation failed: unable to connect to get node spec from apiserver: node kube-sks-xxx-xx-xx does not have an IPv6 address

Also fix some golang reported vuln + testify dep

  • net/http CVE
  • go/crypto CVE

Note: after publishing this to master (after validation on our env) we should produce a release to be used asap on our Dual Stack cilium backed environments

Checklist

(For exoscale contributors)

  • Changelog updated (under Unreleased block)
  • Testing

Testing

@nerzhul
fix(sc-119059): set IPv6 node external IP if there is an address, ins…
6e1603e 
…tance of IPv6Enabled flag

Regarding an issue we found internally, there is no ipv6-enabled flag in the payload, meaning IPv6 addresses are ignored by CCM
This will result by IPv4 only node status. IPv6 addresses are mandatory here since cilium 1.17
@nerzhul nerzhul requested review from a team February 5, 2025 14:29
@nerzhul nerzhul marked this pull request as ready for review February 5, 2025 14:29
PhilippeChepy
PhilippeChepy approved these changes Feb 5, 2025
View reviewed changes
Copy link
Member

@PhilippeChepy PhilippeChepy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@zyegfryed zyegfryed changed the title fix(sc-119059): set IPv6 node external IP if there is an address, instance of IPv6Enabled flag fix(sc-119059): set IPv6 node external IP if there is an address, instead of IPv6Enabled flag Feb 5, 2025
@nerzhul nerzhul added the HOLD ✋ Hold, don't merge (no review queue) label Feb 5, 2025
@nerzhul nerzhul removed the request for review from a team February 5, 2025 16:18
@nerzhul nerzhul marked this pull request as draft February 5, 2025 16:18
@nerzhul
Copy link
Contributor Author

nerzhul commented Feb 5, 2025

putted back on draft, the issue is more complex than this assumption (which works but it's not what we expect).

@nerzhul
Copy link
Contributor Author

nerzhul commented Feb 5, 2025

thanks for the review. I'm discarding the PR as it's not relevant. CCM is working fine. The issue is our --node-ip flag passed with the kubelet setting alpha.kubernetes.io/provided-node-ip annotation with a single IPv4. This is not patched after restart of the kubelet or if annotation is missing. It's only set on creation

@nerzhul nerzhul closed this Feb 5, 2025
@nerzhul nerzhul deleted the feat/sc-119059 branch February 5, 2025 16:44
@zyegfryed
Copy link
Member

Superseded by exoscale/puppet8#1649

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zyegfryed zyegfryed zyegfryed approved these changes

@PhilippeChepy PhilippeChepy PhilippeChepy approved these changes

Assignees
No one assigned
Labels
HOLD ✋ Hold, don't merge (no review queue)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nerzhul @zyegfryed @PhilippeChepy