Adding dual-stack support for Cluster API GCP Provider

api/v1beta/types.go:

Adding support for machines and simple network changes for IPV6 or dual stack work.
- InternalIpv6PrefixLength
- IPv6Address
- StackType

cloud/scope/machine.go:

Adding support for instances and networks to allow dual stack components.

- InstanceNetworkInterfaceSpec
  - InternalIpv6PrefixLength
  - Ipv6AccessConfigs
    - ExternalIPv6
    - ExternalIpv6PrefixLength
    - Type (when present always set to DIRECT_IPV6)
    - Name (always set to External IPv6)
  - IPv6AccessType
  - Ipv6Address
  - StackType

- InstanceSpec
  - PrivateIpv6GoogleAccess

- InstanceNetworkInterfaceAliasIPRangesSpec
 ** This did not change. The AliasIPs appear to only support IPv4 CIDR or single address format.

cloud/interfaces.go:

Expose a couple of new functions to get StackType and IPvAddress information from the cluster specs. These are only
getter functions for the Machine.go to access.

Author: barbacbd

api/v1beta1/types.go

@@ -137,6 +137,18 @@ const (
 	RulesManagementUnmanaged RulesManagementPolicy = "Unmanaged"
 )
 
+// StackType is a string enum type indicating the types of network addresses that are valid.
+// +kubebuilder:validation:Enum=IPV4_ONLY;IPV4_IPV6
+type StackType string
+
+const (
+	// IPv4OnlyStackType indicates a stack type where only IPv4 addresses are valid.
+	IPv4OnlyStackType StackType = "IPV4_ONLY"
+
+	// DualStackType indicates a stack type where both IPv4 and IPv6 addresses are valid.
+	DualStackType StackType = "IPV4_IPV6"
+)
+
 // NetworkSpec encapsulates all things related to a GCP network.
 type NetworkSpec struct {
 	// Name is the name of the network to be used.
@@ -191,6 +203,28 @@ type NetworkSpec struct {
 	// +kubebuilder:default:=64
 	// +optional
 	MinPortsPerVM int64 `json:"minPortsPerVm,omitempty"`
+
+	// InternalIpv6PrefixLength: The prefix length of the primary internal IPv6 range.
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:validation:Maximum=128
+	// +optional
+	InternalIpv6PrefixLength int `json:"internalIpv6PrefixLength,omitempty"`
+
+	// Ipv6Address: An IPv6 internal network address for this network interface.
+	// To use a static internal IP address, it must be unused and in the same
+	// region as the instance's zone. If not specified, Google Cloud will
+	// automatically assign an internal IPv6 address from the instance's subnetwork.
+	// +optional
+	Ipv6Address string `json:"ipv6Address,omitempty"`
+
+	// StackType: The stack type for the subnet. If set to IPV4_ONLY, new VMs in
+	// the subnet are assigned IPv4 addresses only. If set to IPV4_IPV6, new VMs in
+	// the subnet can be assigned both IPv4 and IPv6 addresses. If not specified,
+	// IPV4_ONLY is used. This field can be both set at resource creation time and
+	// updated using patch.
+	// +kubebuilder:default=IPV4_ONLY
+	// +optional
+	StackType StackType `json:"stackType,omitempty"`
 }
 
 // LoadBalancerType defines the Load Balancer that should be created.
@@ -290,16 +324,9 @@ type SubnetSpec struct {
 	// the subnet can be assigned both IPv4 and IPv6 addresses. If not specified,
 	// IPV4_ONLY is used. This field can be both set at resource creation time and
 	// updated using patch.
-	//
-	// Possible values:
-	//   "IPV4_IPV6" - New VMs in this subnet can have both IPv4 and IPv6
-	// addresses.
-	//   "IPV4_ONLY" - New VMs in this subnet will only be assigned IPv4 addresses.
-	//   "IPV6_ONLY" - New VMs in this subnet will only be assigned IPv6 addresses.
-	// +kubebuilder:validation:Enum=IPV4_ONLY;IPV4_IPV6;IPV6_ONLY
 	// +kubebuilder:default=IPV4_ONLY
 	// +optional
-	StackType string `json:"stackType,omitempty"`
+	StackType StackType `json:"stackType,omitempty"`
 }
 
 // String returns a string representation of the subnet.

cloud/interfaces.go

@@ -58,6 +58,8 @@ type ClusterGetter interface {
 	NetworkName() string
 	NetworkProject() string
 	IsSharedVpc() bool
+	StackType() infrav1.StackType
+	Ipv6Address() string
 	SkipFirewallRuleCreation() bool
 	Network() *infrav1.Network
 	AdditionalLabels() infrav1.Labels

cloud/scope/cluster.go

@@ -120,6 +120,20 @@ func (s *ClusterScope) IsSharedVpc() bool {
 	return s.NetworkProject() != s.Project()
 }
 
+// StackType returns the network stack type for the cluster.
+func (s *ClusterScope) StackType() infrav1.StackType {
+	return s.GCPCluster.Spec.Network.StackType
+}
+
+// Ipv6Address returns the IPv6 address when one is provided in the spec and the cluster network is not IPv4 Only.
+func (s *ClusterScope) Ipv6Address() string {
+	address := ""
+	if s.StackType() != infrav1.IPv4OnlyStackType {
+		address = s.GCPCluster.Spec.Network.Ipv6Address
+	}
+	return address
+}
+
 // Region returns the cluster region.
 func (s *ClusterScope) Region() string {
 	return s.GCPCluster.Spec.Region
@@ -283,7 +297,7 @@ func (s *ClusterScope) SubnetSpecs() []*compute.Subnetwork {
 			Network:               s.NetworkLink(),
 			Purpose:               ptr.Deref(subnetwork.Purpose, "PRIVATE_RFC_1918"),
 			Role:                  "ACTIVE",
-			StackType:             subnetwork.StackType,
+			StackType:             string(subnetwork.StackType),
 		})
 	}
 

cloud/scope/machine.go

@@ -326,12 +326,31 @@ func (m *MachineScope) InstanceNetworkInterfaceSpec() *compute.NetworkInterface
 	}
 
 	if m.GCPMachine.Spec.PublicIP != nil && *m.GCPMachine.Spec.PublicIP {
-		networkInterface.AccessConfigs = []*compute.AccessConfig{
-			{
-				Type: "ONE_TO_ONE_NAT",
-				Name: "External NAT",
-			},
+		switch m.ClusterGetter.StackType() {
+		case infrav1.IPv4OnlyStackType:
+			networkInterface.AccessConfigs = []*compute.AccessConfig{
+				{
+					Type: "ONE_TO_ONE_NAT",
+					Name: "External NAT",
+				},
+			}
+		case infrav1.DualStackType:
+			networkInterface.Ipv6AccessConfigs = []*compute.AccessConfig{
+				{
+					Type: "DIRECT_IPV6",
+					Name: "External IPv6",
+				},
+			}
+		}
+	}
+
+	if m.ClusterGetter.StackType() == infrav1.DualStackType {
+		accessType := "INTERNAL"
+		if m.GCPMachine.Spec.PublicIP != nil && *m.GCPMachine.Spec.PublicIP {
+			accessType = "EXTERNAL"
 		}
+		networkInterface.Ipv6AccessType = accessType
+		networkInterface.Ipv6Address = m.ClusterGetter.Ipv6Address()
 	}
 
 	if m.GCPMachine.Spec.Subnet != nil {
@@ -504,6 +523,10 @@ func (m *MachineScope) InstanceSpec(log logr.Logger) *compute.Instance {
 		instance.Scheduling.OnHostMaintenance = "TERMINATE"
 	}
 
+	if m.ClusterGetter.StackType() == infrav1.DualStackType {
+		instance.PrivateIpv6GoogleAccess = "INHERIT_FROM_SUBNETWORK"
+	}
+
 	return instance
 }
 

cloud/scope/managedcluster.go

@@ -143,6 +143,20 @@ func (s *ManagedClusterScope) IsSharedVpc() bool {
 	return s.NetworkProject() != s.Project()
 }
 
+// StackType returns the network stack type for the cluster.
+func (s *ManagedClusterScope) StackType() infrav1.StackType {
+	return s.GCPManagedCluster.Spec.Network.StackType
+}
+
+// Ipv6Address returns the IPv6 address when one is provided in the spec and the cluster network is not IPv4 Only.
+func (s *ManagedClusterScope) Ipv6Address() string {
+	address := ""
+	if s.StackType() != infrav1.IPv4OnlyStackType {
+		address = s.GCPManagedCluster.Spec.Network.Ipv6Address
+	}
+	return address
+}
+
 // NetworkLink returns the partial URL for the network.
 func (s *ManagedClusterScope) NetworkLink() string {
 	return fmt.Sprintf("projects/%s/global/networks/%s", s.NetworkProject(), s.NetworkName())
@@ -269,7 +283,7 @@ func (s *ManagedClusterScope) SubnetSpecs() []*compute.Subnetwork {
 			Network:               s.NetworkLink(),
 			Purpose:               ptr.Deref(subnetwork.Purpose, "PRIVATE_RFC_1918"),
 			Role:                  "ACTIVE",
-			StackType:             subnetwork.StackType,
+			StackType:             string(subnetwork.StackType),
 		})
 	}
 

cloud/services/compute/instances/reconcile_test.go

@@ -119,6 +119,20 @@ var fakeGCPCluster = &infrav1.GCPCluster{
 	},
 }
 
+var fakeGCPClusterIpv6 = &infrav1.GCPCluster{
+	ObjectMeta: metav1.ObjectMeta{
+		Name:      "my-cluster",
+		Namespace: "default",
+	},
+	Spec: infrav1.GCPClusterSpec{
+		Project: "my-proj",
+		Region:  "us-central1",
+		Network: infrav1.NetworkSpec{
+			StackType: infrav1.DualStackType,
+		},
+	},
+}
+
 func getFakeGCPMachine() *infrav1.GCPMachine {
 	return &infrav1.GCPMachine{
 		ObjectMeta: metav1.ObjectMeta{
@@ -154,6 +168,18 @@ func TestService_createOrGetInstance(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	clusterScopeIpv6, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{
+		Client:     fakec,
+		Cluster:    fakeCluster,
+		GCPCluster: fakeGCPClusterIpv6,
+		GCPServices: scope.GCPServices{
+			Compute: &compute.Service{},
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	machineScope, err := scope.NewMachineScope(scope.MachineScopeParams{
 		Client:        fakec,
 		Machine:       fakeMachine,
@@ -164,6 +190,16 @@ func TestService_createOrGetInstance(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	machineScopeIpv6, err := scope.NewMachineScope(scope.MachineScopeParams{
+		Client:        fakec,
+		Machine:       fakeMachine,
+		GCPMachine:    fakeGCPMachine,
+		ClusterGetter: clusterScopeIpv6,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	clusterScopeWithoutFailureDomain, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{
 		Client:     fakec,
 		Cluster:    fakeCluster,
@@ -1086,6 +1122,72 @@ func TestService_createOrGetInstance(t *testing.T) {
 				Zone: "us-central1-c",
 			},
 		},
+		{
+			name:  "ipv6 instance does not exist (should create instance)",
+			scope: func() Scope { return machineScopeIpv6 },
+			mockInstance: &cloud.MockInstances{
+				ProjectRouter: &cloud.SingleProjectRouter{ID: "proj-id"},
+				Objects:       map[meta.Key]*cloud.MockInstancesObj{},
+			},
+			want: &compute.Instance{
+				Name:         "my-machine",
+				CanIpForward: true,
+				Disks: []*compute.AttachedDisk{
+					{
+						AutoDelete: true,
+						Boot:       true,
+						InitializeParams: &compute.AttachedDiskInitializeParams{
+							DiskType:            "zones/us-central1-c/diskTypes/pd-standard",
+							SourceImage:         "projects/my-proj/global/images/family/capi-ubuntu-1804-k8s-v1-19",
+							ResourceManagerTags: map[string]string{},
+							Labels: map[string]string{
+								"foo": "bar",
+							},
+						},
+					},
+				},
+				Labels: map[string]string{
+					"capg-role":               "node",
+					"capg-cluster-my-cluster": "owned",
+					"foo":                     "bar",
+				},
+				MachineType: "zones/us-central1-c/machineTypes",
+				Metadata: &compute.Metadata{
+					Items: []*compute.MetadataItems{
+						{
+							Key:   "user-data",
+							Value: ptr.To[string]("Zm9vCg=="),
+						},
+					},
+				},
+				NetworkInterfaces: []*compute.NetworkInterface{
+					{
+						Network:        "projects/my-proj/global/networks/default",
+						Ipv6AccessType: "INTERNAL", // default, this was not overridden with a public ip address set.
+						Ipv6Address:    "",
+					},
+				},
+				Params: &compute.InstanceParams{
+					ResourceManagerTags: map[string]string{},
+				},
+				PrivateIpv6GoogleAccess: "INHERIT_FROM_SUBNETWORK",
+				SelfLink:                "https://www.googleapis.com/compute/v1/projects/proj-id/zones/us-central1-c/instances/my-machine",
+				Scheduling:              &compute.Scheduling{},
+				ServiceAccounts: []*compute.ServiceAccount{
+					{
+						Email:  "default",
+						Scopes: []string{"https://www.googleapis.com/auth/cloud-platform"},
+					},
+				},
+				Tags: &compute.Tags{
+					Items: []string{
+						"my-cluster-node",
+						"my-cluster",
+					},
+				},
+				Zone: "us-central1-c",
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml

@@ -203,6 +203,19 @@ spec:
                     description: HostProject is the name of the project hosting the
                       shared VPC network resources.
                     type: string
+                  internalIpv6PrefixLength:
+                    description: 'InternalIpv6PrefixLength: The prefix length of the
+                      primary internal IPv6 range.'
+                    maximum: 128
+                    minimum: 0
+                    type: integer
+                  ipv6Address:
+                    description: |-
+                      Ipv6Address: An IPv6 internal network address for this network interface.
+                      To use a static internal IP address, it must be unused and in the same
+                      region as the instance's zone. If not specified, Google Cloud will
+                      automatically assign an internal IPv6 address from the instance's subnetwork.
+                    type: string
                   loadBalancerBackendPort:
                     description: Allow for configuration of load balancer backend
                       (useful for changing apiserver port)
@@ -234,6 +247,18 @@ spec:
                   name:
                     description: Name is the name of the network to be used.
                     type: string
+                  stackType:
+                    default: IPV4_ONLY
+                    description: |-
+                      StackType: The stack type for the subnet. If set to IPV4_ONLY, new VMs in
+                      the subnet are assigned IPv4 addresses only. If set to IPV4_IPV6, new VMs in
+                      the subnet can be assigned both IPv4 and IPv6 addresses. If not specified,
+                      IPV4_ONLY is used. This field can be both set at resource creation time and
+                      updated using patch.
+                    enum:
+                    - IPV4_ONLY
+                    - IPV4_IPV6
+                    type: string
                   subnets:
                     description: Subnets configuration.
                     items:
@@ -309,16 +334,9 @@ spec:
                             the subnet can be assigned both IPv4 and IPv6 addresses. If not specified,
                             IPV4_ONLY is used. This field can be both set at resource creation time and
                             updated using patch.
-
-                            Possible values:
-                              "IPV4_IPV6" - New VMs in this subnet can have both IPv4 and IPv6
-                            addresses.
-                              "IPV4_ONLY" - New VMs in this subnet will only be assigned IPv4 addresses.
-                              "IPV6_ONLY" - New VMs in this subnet will only be assigned IPv6 addresses.
                           enum:
                           - IPV4_ONLY
                           - IPV4_IPV6
-                          - IPV6_ONLY
                           type: string
                       type: object
                     type: array