From c707aebb843b163e1de17aaa14fe8b8431120695 Mon Sep 17 00:00:00 2001 From: John Gardiner Myers Date: Mon, 2 Oct 2023 17:23:14 -0700 Subject: [PATCH] Put control-plane and apiserver nodes in IPv6-only subnets --- docs/networking/ipv6.md | 3 ++- docs/topology.md | 2 +- .../create_cluster/ipv6/expected-v1alpha2.yaml | 2 +- upup/pkg/fi/cloudup/new_cluster.go | 14 +------------- upup/pkg/fi/cloudup/populate_instancegroup_spec.go | 8 -------- 5 files changed, 5 insertions(+), 24 deletions(-) diff --git a/docs/networking/ipv6.md b/docs/networking/ipv6.md index ef24a075cd0e9..f84b0a73436e4 100644 --- a/docs/networking/ipv6.md +++ b/docs/networking/ipv6.md @@ -23,7 +23,8 @@ For example, if the VPC's CIDR is `2001:db8::/56` then the syntax `/64#a` would Public and utility subnets are expected to be dual-stack. Subnets of type `Private` are expected to be IPv6-only. There is a new type of subnet `DualStack` which is like `Private` but is dual-stack. -The `DualStack` subnets are used by default for the control plane and APIServer nodes. +The `DualStack` subnets are used by default for bastion servers. +Prior to kOps 1.29, they are also used by default for the control plane and APIServer nodes. IPv6-only subnets require Kubernetes 1.22 or later. For this reason, private topology on an IPv6 cluster also requires Kubernetes 1.22 or later. diff --git a/docs/topology.md b/docs/topology.md index 0d597d713bc64..d2e709d0f269b 100644 --- a/docs/topology.md +++ b/docs/topology.md @@ -37,7 +37,7 @@ NAT64 range `64:ff9b::/96` is typically routed to a NAT64 device, such as an AWS A subnet of type `DualStack` is like `Private`, but supports both IPv4 and IPv6. -On AWS, this subnet type is used for nodes, such as control plane nodes and bastions, +On AWS prior to kOps 1.29, this subnet type is used for nodes, such as control plane nodes and bastions, which need to be instance targets of a load balancer. ## Utility Subnet 
diff --git a/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml b/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml
index 6e869b192bac5..d6d4524afa4d1 100644
--- a/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml
+++ b/tests/integration/create_cluster/ipv6/expected-v1alpha2.yaml
@@ -87,7 +87,7 @@ spec:
 minSize: 1
 role: Master
 subnets:
- - dualstack-us-test-1a
+ - us-test-1a
 ---
diff --git a/upup/pkg/fi/cloudup/new_cluster.go b/upup/pkg/fi/cloudup/new_cluster.go
index 24d549bd8b511..728db1eb5f740 100644
--- a/upup/pkg/fi/cloudup/new_cluster.go
+++ b/upup/pkg/fi/cloudup/new_cluster.go
@@ -493,14 +493,6 @@ func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewCluster
 if len(ig.Spec.Subnets) == 0 {
 return nil, fmt.Errorf("control-plane InstanceGroup %s did not specify any Subnets", g.ObjectMeta.Name)
 }
- } else if ig.IsAPIServerOnly() && cluster.Spec.IsIPv6Only() {
- if len(ig.Spec.Subnets) == 0 {
- for _, subnet := range cluster.Spec.Networking.Subnets {
- if subnet.Type != api.SubnetTypePrivate && subnet.Type != api.SubnetTypeUtility {
- ig.Spec.Subnets = append(g.Spec.Subnets, subnet.Name)
- }
- }
- }
 } else {
 if len(ig.Spec.Subnets) == 0 {
 for _, subnet := range cluster.Spec.Networking.Subnets {
@@ -903,11 +895,7 @@ func setupControlPlane(opt *NewClusterOptions, cluster *api.Cluster, zoneToSubne
 default:
 // Use only the main subnet for control-plane nodes
 subnet := subnets[0]
- if opt.IPv6 && opt.Topology == api.TopologyPrivate {
- g.Spec.Subnets = append(g.Spec.Subnets, "dualstack-"+subnet.Name)
- } else {
- g.Spec.Subnets = append(g.Spec.Subnets, subnet.Name)
- }
+ g.Spec.Subnets = append(g.Spec.Subnets, subnet.Name)
 }
 if cloudProvider == api.CloudProviderGCE || cloudProvider == api.CloudProviderAzure {
diff --git a/upup/pkg/fi/cloudup/populate_instancegroup_spec.go b/upup/pkg/fi/cloudup/populate_instancegroup_spec.go
index ddbed298cf798..00e96ac427438 100644
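Review bot: In the `default:` branch of setupControlPlane the control plane now always lands in `subnet.Name`, so in an IPv6 private topology it has no IPv4 address, and nothing at this site records what makes that safe. docs/topology.md in this same patch described the `dualstack-` subnet as the one for nodes that must be instance targets of a load balancer, so the new placement presumably depends on the API load balancer and any IPv4-only egress (via NAT64) working from an IPv6-only subnet; that is inferred, not shown in the hunk. I would record it above the append: `// IPv6 private topology: control plane lives in the IPv6-only Private subnet; dualstack-* is kept for bastions only.` The removed `ig.IsAPIServerOnly() && cluster.Spec.IsIPv6Only()` branches at -493 and in PopulateInstanceGroupSpec raise the same question for existing API-server groups that leave `subnets` empty, since their default now comes from the generic `else` branch whose filter is outside those hunks. setupControlPlane starts and ends outside the hunk.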
--- a/upup/pkg/fi/cloudup/populate_instancegroup_spec.go
+++ b/upup/pkg/fi/cloudup/populate_instancegroup_spec.go
@@ -157,14 +157,6 @@ func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup,
 if len(ig.Spec.Subnets) == 0 {
 return nil, fmt.Errorf("control-plane InstanceGroup %s did not specify any Subnets", ig.ObjectMeta.Name)
 }
- } else if ig.IsAPIServerOnly() && cluster.Spec.IsIPv6Only() {
- if len(ig.Spec.Subnets) == 0 {
- for _, subnet := range cluster.Spec.Networking.Subnets {
- if subnet.Type != kops.SubnetTypePrivate && subnet.Type != kops.SubnetTypeUtility {
- ig.Spec.Subnets = append(ig.Spec.Subnets, subnet.Name)
- }
- }
- }
 } else {
 if len(ig.Spec.Subnets) == 0 {
 for _, subnet := range cluster.Spec.Networking.Subnets {