Temp fix for the dual stack cluster to enable public ipv6 nodeport datapath

Author: komer3

Makefile

@@ -36,6 +36,9 @@ CAAPH_VERSION           ?= "v0.6.1"
 # renovate: datasource=github-tags depName=linode/cluster-api-provider-linode
 CAPL_VERSION            ?= "v0.10.1"
 
+# renovate: datasource=github-tags depName=cilium/cilium
+CILIUM_VERSION          ?= "1.18.7"
+
 # renovate: datasource=github-tags depName=golangci/golangci-lint
 GOLANGCI_LINT_VERSION   ?= "v2.11.3"
 
@@ -165,15 +168,23 @@ run-debug: build
 mgmt-and-capl-cluster: docker-setup mgmt-cluster capl-cluster
 
 .PHONY: capl-cluster
-capl-cluster: generate-capl-cluster-manifests create-capl-cluster patch-linode-ccm
+capl-cluster: generate-capl-cluster-manifests create-capl-cluster
 
 .PHONY: generate-capl-cluster-manifests
 generate-capl-cluster-manifests: clusterctl
 	# Create the CAPL cluster manifests without any CSI driver stuff
-	LINODE_FIREWALL_ENABLED=$(LINODE_FIREWALL_ENABLED) LINODE_OS=$(LINODE_OS) VPC_NAME=$(VPC_NAME) $(CLUSTERCTL) generate cluster $(CLUSTER_NAME) \
+	LINODE_FIREWALL_ENABLED=$(LINODE_FIREWALL_ENABLED) LINODE_OS=$(LINODE_OS) VPC_NAME=$(VPC_NAME) CILIUM_VERSION=$(CILIUM_VERSION) $(CLUSTERCTL) generate cluster $(CLUSTER_NAME) \
 		--kubernetes-version $(K8S_VERSION) --infrastructure linode-linode:$(CAPL_VERSION) \
 		--control-plane-machine-count $(CONTROLPLANE_NODES) --worker-machine-count $(WORKER_NODES) --flavor kubeadm-dual-stack > $(MANIFEST_NAME).yaml
 	yq -i e 'select(.kind == "LinodeVPC").spec.ipv6Range = [{"range": "auto"}] | select(.kind == "LinodeVPC").spec.subnets = [{"ipv4": "10.0.0.0/8", "label": "default", "ipv6Range": [{"range": "auto"}]}, {"ipv4": "172.16.0.0/16", "label": "testing", "ipv6Range": [{"range": "auto"}]}]' $(MANIFEST_NAME).yaml
+	yq e 'select(.kind == "HelmChartProxy" and .spec.chartName == "cilium").spec.valuesTemplate' $(MANIFEST_NAME).yaml > tmp-cilium.yaml
+	yq -i e '.devices = ["eth0", "eth1"] | .nodePort.addresses = ["0.0.0.0/0", "::/0"] | .nodePort.directRoutingDevice = "eth0" | .hostFirewall.enabled = false | del(.extraArgs[] | select(. == "--nodeport-addresses=0.0.0.0/0")) | del(.extraArgs[] | select(. == "--nodeport-addresses=0.0.0.0/0,::/0"))' tmp-cilium.yaml
+	yq -i e 'select(.kind == "HelmChartProxy" and .spec.chartName == "cilium").spec.valuesTemplate = load_str("tmp-cilium.yaml")' $(MANIFEST_NAME).yaml
+	rm tmp-cilium.yaml
+	yq e 'select(.kind == "HelmChartProxy" and .spec.chartName == "ccm-linode").spec.valuesTemplate' $(MANIFEST_NAME).yaml > tmp.yaml
+	IMG_TAG=$${IMG##*:} yq -i e '.image.tag = strenv(IMG_TAG) | .image.pullPolicy = "Always"' tmp.yaml
+	yq -i e 'select(.kind == "HelmChartProxy" and .spec.chartName == "ccm-linode").spec.valuesTemplate = load_str("tmp.yaml")' $(MANIFEST_NAME).yaml
+	rm tmp.yaml
 
 .PHONY: create-capl-cluster
 create-capl-cluster: clusterctl
@@ -189,6 +200,7 @@ create-capl-cluster: clusterctl
 .PHONY: patch-linode-ccm
 patch-linode-ccm:
 	KUBECONFIG=$(KUBECONFIG_PATH) kubectl patch -n kube-system daemonset ccm-linode --type='json' -p="[{'op': 'replace', 'path': '/spec/template/spec/containers/0/image', 'value': '${IMG}'}]"
+	KUBECONFIG=$(KUBECONFIG_PATH) kubectl patch -n kube-system daemonset ccm-linode --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/imagePullPolicy", "value": "Always"}]'
 	KUBECONFIG=$(KUBECONFIG_PATH) kubectl patch -n kube-system daemonset ccm-linode --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "LINODE_API_VERSION", "value": "v4beta"}}]'
 	KUBECONFIG=$(KUBECONFIG_PATH) kubectl rollout status -n kube-system daemonset/ccm-linode --timeout=600s
 	KUBECONFIG=$(KUBECONFIG_PATH) kubectl -n kube-system get daemonset/ccm-linode -o yaml

e2e/test/lb-with-ipv6-backends/chainsaw-test.yaml

@@ -78,22 +78,43 @@ spec:
               ($error): ~
               (contains($stdout, 'NO_BACKEND_ADDRESSES')): false
               (contains($stdout, 'is NOT IPv6')): false
+    - name: Wait for loadbalancer to start serving traffic
+      try:
+        - script:
+            timeout: 10m
+            content: |
+              bash -ce '
+              TARGET_IP=$(kubectl get svc svc-test -n "$NAMESPACE" -o json | jq -r '"'"'.status.loadBalancer.ingress[]? | select(.ip != null and (.ip | contains(":") | not)) | .ip'"'"' | head -n1)
+              TARGET="http://$TARGET_IP:80"
+
+              for i in {1..24}; do
+                  output=$(curl -s --max-time 8 "$TARGET" | jq -r .podName 2>/dev/null || true)
+                  if [[ "$output" == *"test-"* ]]; then
+                      echo "loadbalancer ready"
+                      exit 0
+                  fi
+                  sleep 5
+              done
+
+              echo "loadbalancer not ready"
+              exit 1
+              '
+            check:
+              ($error == null): true
+              (contains($stdout, 'loadbalancer ready')): true
     - name: Fetch loadbalancer ip and check both pods reachable
       try:
         - script:
+            timeout: 10m
             content: |
               bash -ce '
-              IP=$(kubectl get svc svc-test -n "$NAMESPACE" -o json | jq -r .status.loadBalancer.ingress[0].ip)
-              if [[ "$IP" == *:* ]]; then
-                  TARGET="[$IP]"
-              else
-                  TARGET="$IP"
-              fi
+              TARGET_IP=$(kubectl get svc svc-test -n "$NAMESPACE" -o json | jq -r '"'"'.status.loadBalancer.ingress[]? | select(.ip != null and (.ip | contains(":") | not)) | .ip'"'"' | head -n1)
+              TARGET="http://$TARGET_IP:80"
               podnames=()
 
               for i in {1..10}; do
                   if [[ ${#podnames[@]} -lt 2 ]]; then
-                      output=$(curl -s "${TARGET}:80" | jq -e .podName || true)
+                      output=$(curl -s --max-time 8 "$TARGET" | jq -e .podName || true)
 
                       if [[ "$output" == *"test-"* ]]; then
                           unique=true