fix(slr): address family and familypolicy isn't correct (#5349)

Signed-off-by: SkalaNetworks <contact@skala.network>

Author: SkalaNetworks

pkg/controller/switch_lb_rule.go

@@ -13,6 +13,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/klog/v2"
+	"k8s.io/utils/set"
 
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
 	"github.com/kubeovn/kube-ovn/pkg/ovsdb/ovnnb"
@@ -323,6 +324,12 @@ func generateHeadlessService(slr *kubeovnv1.SwitchLBRule, oldSvc *corev1.Service
 	}
 
 	name = generateSvcName(slr.Name)
+
+	// We need to set the correct IPFamilies and IPFamilyPolicy on the service
+	// If the VIP is an IPv4, the Service needs to be configured in IPv4, and the opposite for an IPv6
+	// If the VIP has a mix of IPv4s and IPv6s, the Service must be DualStack, with both families set
+	families, policy := getIPFamilies(slr.Spec.Vip)
+
 	if oldSvc != nil {
 		newSvc = oldSvc.DeepCopy()
 		newSvc.Name = name
@@ -331,6 +338,8 @@ func generateHeadlessService(slr *kubeovnv1.SwitchLBRule, oldSvc *corev1.Service
 		newSvc.Spec.Ports = ports
 		newSvc.Spec.Selector = selectors
 		newSvc.Spec.SessionAffinity = corev1.ServiceAffinity(slr.Spec.SessionAffinity)
+		newSvc.Spec.IPFamilies = families
+		newSvc.Spec.IPFamilyPolicy = &policy
 	} else {
 		newSvc = &corev1.Service{
 			ObjectMeta: metav1.ObjectMeta{
@@ -344,6 +353,8 @@ func generateHeadlessService(slr *kubeovnv1.SwitchLBRule, oldSvc *corev1.Service
 				ClusterIP:       corev1.ClusterIPNone,
 				Type:            corev1.ServiceTypeClusterIP,
 				SessionAffinity: corev1.ServiceAffinity(slr.Spec.SessionAffinity),
+				IPFamilies:      families,
+				IPFamilyPolicy:  &policy,
 			},
 		}
 	}
@@ -406,3 +417,25 @@ func generateEndpoints(slr *kubeovnv1.SwitchLBRule, oldEps *corev1.Endpoints) *c
 	}
 	return newEps
 }
+
+// getIPFamilies returns the IP families (IPv6/IPv4) for a set of IPs within a VIP
+// This function is used to correctly construct the Service of a SwitchLBRule
+// It also returns the corresponding IPFamilyPolicy to set in the Service
+func getIPFamilies(vip string) (families []corev1.IPFamily, policy corev1.IPFamilyPolicy) {
+	// Check every IP in the VIP, assess if it is an IPv6 or an IPv4
+	ipFamilies := set.New[corev1.IPFamily]()
+	for ip := range strings.SplitSeq(vip, ",") {
+		switch util.CheckProtocol(ip) {
+		case kubeovnv1.ProtocolIPv6:
+			ipFamilies.Insert(corev1.IPv6Protocol)
+		case kubeovnv1.ProtocolIPv4:
+			ipFamilies.Insert(corev1.IPv4Protocol)
+		}
+	}
+
+	policy = corev1.IPFamilyPolicySingleStack
+	if ipFamilies.Len() > 1 {
+		policy = corev1.IPFamilyPolicyPreferDualStack
+	}
+	return ipFamilies.SortedList(), policy
+}

pkg/controller/switch_lb_rule_test.go

@@ -0,0 +1,74 @@
+package controller
+
+import (
+	"reflect"
+	"testing"
+
+	corev1 "k8s.io/api/core/v1"
+)
+
+func Test_getIPFamilies(t *testing.T) {
+	tests := []struct {
+		name                 string
+		vip                  string
+		expectedFamilies     []corev1.IPFamily
+		expectedFamilyPolicy corev1.IPFamilyPolicy
+	}{
+		{
+			name:                 "IPv4 VIP",
+			vip:                  "10.0.0.0",
+			expectedFamilies:     []corev1.IPFamily{corev1.IPv4Protocol},
+			expectedFamilyPolicy: corev1.IPFamilyPolicySingleStack,
+		},
+		{
+			name:                 "IPv6 VIP",
+			vip:                  "fd00::1",
+			expectedFamilies:     []corev1.IPFamily{corev1.IPv6Protocol},
+			expectedFamilyPolicy: corev1.IPFamilyPolicySingleStack,
+		},
+		{
+			name:                 "IPv6/v4 VIP",
+			vip:                  "fd00::1,10.0.0.0",
+			expectedFamilies:     []corev1.IPFamily{corev1.IPv4Protocol, corev1.IPv6Protocol},
+			expectedFamilyPolicy: corev1.IPFamilyPolicyPreferDualStack,
+		},
+		{
+			name:                 "IPv4/v6 VIP",
+			vip:                  "10.0.0.0,fd00::1",
+			expectedFamilies:     []corev1.IPFamily{corev1.IPv4Protocol, corev1.IPv6Protocol},
+			expectedFamilyPolicy: corev1.IPFamilyPolicyPreferDualStack,
+		},
+		{
+			name:                 "Many v4 VIP",
+			vip:                  "10.0.0.0,10.0.0.1,10.0.0.2",
+			expectedFamilies:     []corev1.IPFamily{corev1.IPv4Protocol},
+			expectedFamilyPolicy: corev1.IPFamilyPolicySingleStack,
+		},
+		{
+			name:                 "Many v6 VIP",
+			vip:                  "fd00::1,fd00::2,fd00::3",
+			expectedFamilies:     []corev1.IPFamily{corev1.IPv6Protocol},
+			expectedFamilyPolicy: corev1.IPFamilyPolicySingleStack,
+		},
+		{
+			name:                 "Many v6/v4 VIP",
+			vip:                  "fd00::1,fd00::2,fd00::3,10.0.0.0,10.0.0.1,10.0.0.2",
+			expectedFamilies:     []corev1.IPFamily{corev1.IPv4Protocol, corev1.IPv6Protocol},
+			expectedFamilyPolicy: corev1.IPFamilyPolicyPreferDualStack,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			families, policy := getIPFamilies(tt.vip)
+
+			if !reflect.DeepEqual(families, tt.expectedFamilies) {
+				t.Errorf("Expected families %v, but got %v", tt.expectedFamilies, families)
+			}
+
+			if policy != tt.expectedFamilyPolicy {
+				t.Errorf("Expected familiyPolicy %s, but got %s", tt.expectedFamilyPolicy, policy)
+			}
+		})
+	}
+}