Put control-plane and apiserver nodes in IPv6-only subnets

kubernetes · Oct 3, 2023 · c707aeb · c707aeb
1 parent ecda9e8
commit c707aeb
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 24 deletions.
diff --git a/docs/networking/ipv6.md b/docs/networking/ipv6.md
@@ -23,7 +23,8 @@ For example, if the VPC's CIDR is `2001:db8::/56` then the syntax `/64#a` would
 
 Public and utility subnets are expected to be dual-stack. Subnets of type `Private` are expected to be IPv6-only.
 There is a new type of subnet `DualStack` which is like `Private` but is dual-stack.
-The `DualStack` subnets are used by default for the control plane and APIServer nodes.
+The `DualStack` subnets are used by default for bastion servers.
+Prior to kOps 1.29, they are also used by default for the control plane and APIServer nodes.
 
 IPv6-only subnets require Kubernetes 1.22 or later. For this reason, private topology on an IPv6 cluster also
 requires Kubernetes 1.22 or later.

diff --git a/docs/topology.md b/docs/topology.md
@@ -37,7 +37,7 @@ NAT64 range `64:ff9b::/96` is typically routed to a NAT64 device, such as an AWS
 
 A subnet of type `DualStack` is like `Private`, but supports both IPv4 and IPv6.
 
-On AWS, this subnet type is used for nodes, such as control plane nodes and bastions,
+On AWS prior to kOps 1.29, this subnet type is used for nodes, such as control plane nodes and bastions,
 which need to be instance targets of a load balancer.
 
 ## Utility Subnet

diff --git a/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml b/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml
@@ -87,7 +87,7 @@ spec:
   minSize: 1
   role: Master
   subnets:
-  - dualstack-us-test-1a
+  - us-test-1a
 
 ---
 

diff --git a/upup/pkg/fi/cloudup/new_cluster.go b/upup/pkg/fi/cloudup/new_cluster.go
@@ -493,14 +493,6 @@ func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewCluster
 			if len(ig.Spec.Subnets) == 0 {
 				return nil, fmt.Errorf("control-plane InstanceGroup %s did not specify any Subnets", g.ObjectMeta.Name)
 			}
-		} else if ig.IsAPIServerOnly() && cluster.Spec.IsIPv6Only() {
-			if len(ig.Spec.Subnets) == 0 {
-				for _, subnet := range cluster.Spec.Networking.Subnets {
-					if subnet.Type != api.SubnetTypePrivate && subnet.Type != api.SubnetTypeUtility {
-						ig.Spec.Subnets = append(g.Spec.Subnets, subnet.Name)
-					}
-				}
-			}
 		} else {
 			if len(ig.Spec.Subnets) == 0 {
 				for _, subnet := range cluster.Spec.Networking.Subnets {
@@ -903,11 +895,7 @@ func setupControlPlane(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubne
 			default:
 				// Use only the main subnet for control-plane nodes
 				subnet := subnets[0]
-				if opt.IPv6 && opt.Topology == api.TopologyPrivate {
-					g.Spec.Subnets = append(g.Spec.Subnets, "dualstack-"+subnet.Name)
-				} else {
-					g.Spec.Subnets = append(g.Spec.Subnets, subnet.Name)
-				}
+				g.Spec.Subnets = append(g.Spec.Subnets, subnet.Name)
 			}
 
 			if cloudProvider == api.CloudProviderGCE || cloudProvider == api.CloudProviderAzure {

diff --git a/upup/pkg/fi/cloudup/populate_instancegroup_spec.go b/upup/pkg/fi/cloudup/populate_instancegroup_spec.go
@@ -157,14 +157,6 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup,
 		if len(ig.Spec.Subnets) == 0 {
 			return nil, fmt.Errorf("control-plane InstanceGroup %s did not specify any Subnets", ig.ObjectMeta.Name)
 		}
-	} else if ig.IsAPIServerOnly() && cluster.Spec.IsIPv6Only() {
-		if len(ig.Spec.Subnets) == 0 {
-			for _, subnet := range cluster.Spec.Networking.Subnets {
-				if subnet.Type != kops.SubnetTypePrivate && subnet.Type != kops.SubnetTypeUtility {
-					ig.Spec.Subnets = append(ig.Spec.Subnets, subnet.Name)
-				}
-			}
-		}
 	} else {
 		if len(ig.Spec.Subnets) == 0 {
 			for _, subnet := range cluster.Spec.Networking.Subnets {