onedr0p · onedr0p · Jul 17, 2023 · Jul 17, 2023 · Jul 17, 2023 · Jul 17, 2023
diff --git a/bootstrap/tasks/validation/net.yaml b/bootstrap/tasks/validation/net.yaml
@@ -15,13 +15,15 @@
 
 - name: Verify cluster CIDR
   ansible.builtin.assert:
-    that: ["{{ bootstrap_cluster_cidr is ansible.utils.ipv4 }}"]
+    that:
+     - "{{ bootstrap_cluster_cidr | regex_search('^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\/[0-9]{1,2}$') is match('^.*$') or bootstrap_cluster_cidr | regex_search('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\\/[0-9]{1,3}$') is match('^.*$') }}"
     success_msg: "Cluster CIDR {{ bootstrap_cluster_cidr }} is valid."
     fail_msg: "Cluster CIDR {{ bootstrap_cluster_cidr }} is invalid."
 
 - name: Verify service CIDR
   ansible.builtin.assert:
-    that: ["{{ bootstrap_service_cidr is ansible.utils.ipv4 }}"]
+    that:
+     - "{{ bootstrap_service_cidr | regex_search('^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\/[0-9]{1,2}$') is match('^.*$') or bootstrap_service_cidr | regex_search('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\\/[0-9]{1,3}$') is match('^.*$') }}"
     success_msg: "Service CIDR {{ bootstrap_service_cidr }} is valid."
     fail_msg: "Service CIDR {{ bootstrap_service_cidr }} is invalid."
 
@@ -92,3 +94,11 @@
   loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
   loop_control:
      label: "{{ item.address }}"
+
+- Name: Verify that nodes have an IPv6 address
+  ansible.builtin.assert:
+    that: ["{{ ansible_default_ipv6.address is ansible.utils.ipv6 }}"]
+    success_msg: "Node address {{ ansible_default_ipv6.address }} is valid IPv6."
+    fail_msg: "Node IPv6 address is not valid or it's missing from node."
+    quiet: true
+  when: ipv6_enabled
diff --git a/bootstrap/templates/ansible/inventory/group_vars/kubernetes/supplemental.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/kubernetes/supplemental.yaml.j2
@@ -4,5 +4,9 @@ github_username: "{{ bootstrap_github_username }}"
 coredns_addr: "{{ bootstrap_coredns_addr }}"
 kube_vip_addr: "{{ bootstrap_kube_vip_addr }}"
 cluster_cidr: "{{ bootstrap_cluster_cidr }}"
+cluster_cidr_v4: "{{ cluster_cidr.split(',')[0] | regex_replace('/.*', '') }}"
+cluster_cidr_v6: "{{ cluster_cidr.split(',')[1] | default('') | regex_replace('/.*', '') }}"
 service_cidr: "{{ bootstrap_service_cidr }}"
+service_cidr_v4: "{{ service_cidr.split(',')[0] | regex_replace('/.*', '') }}"
+service_cidr_v6: "{{ service_cidr.split(',')[1] | default('') | regex_replace('/.*', '') }}"
 node_cidr: "{{ bootstrap_node_cidr }}"
diff --git a/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2
@@ -4,7 +4,11 @@
 
 k3s_control_node: true
 k3s_server:
+  {% if ipv6_enabled %}
+  node-ip: "{% raw %}{{ ansible_host }},{{ ansible_default_ipv6.address }}{% endraw %}"
+  {% else %}
   node-ip: "{% raw %}{{ ansible_host }}{% endraw %}"
+  {% endif %}
   tls-san:
     - "{% raw %}{{ kube_vip_addr }}{% endraw %}"
   docker: false

diff --git a/bootstrap/templates/ansible/inventory/group_vars/worker/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/worker/main.yaml.j2
@@ -4,4 +4,8 @@
 
 k3s_control_node: false
 k3s_agent:
+  {% if ipv6_enabled %}
+  node-ip: "{% raw %}{{ ansible_host }},{{ ansible_default_ipv6.address }}{% endraw %}"
+  {% else %}
   node-ip: "{% raw %}{{ ansible_host }}{% endraw %}"
+  {% endif %}
diff --git a/bootstrap/templates/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2.j2 b/bootstrap/templates/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2.j2
@@ -30,7 +30,14 @@ spec:
       enabled: false
     ipam:
       mode: kubernetes
+    {% if ipv6_enabled %}
+    ipv4NativeRoutingCIDR: "{% raw %}{{ cluster_cidr_v4 }}{% endraw %}"
+    ipv6NativeRoutingCIDR: "{% raw %}{{ cluster_cidr_v6 }}{% endraw %}"
+    ipv6:
+      enabled: true
+    {% else %}
     ipv4NativeRoutingCIDR: "{% raw %}{{ k3s_server['cluster-cidr'] }}{% endraw %}"
+    {% endif %}
     k8sServiceHost: "{% raw %}{{ kube_vip_addr }}{% endraw %}"
     k8sServicePort: 6443
     kubeProxyReplacement: strict

diff --git a/bootstrap/templates/ansible/playbooks/templates/custom-coredns-helmchart.yaml.j2.j2 b/bootstrap/templates/ansible/playbooks/templates/custom-coredns-helmchart.yaml.j2.j2
@@ -19,7 +19,7 @@ spec:
     service:
       name: kube-dns
       # Choose the 10th IP address from the start of the service-cidr
-      clusterIP: "{% raw %}{{ k3s_server['service-cidr'] | ansible.utils.nthhost(10) }}{% endraw %}"
+      clusterIP: "{% raw %}{{ service_cidr_v4 | ansible.utils.nthhost(10) }}{% endraw %}"
     serviceAccount:
       create: true
     deployment:

diff --git a/bootstrap/vars/config.sample.yaml b/bootstrap/vars/config.sample.yaml
@@ -45,6 +45,11 @@ bootstrap_ingress_nginx_addr:
 # Choose your cluster and service cidrs, leave these unchanged unless you know what you are doing
 bootstrap_cluster_cidr: 10.42.0.0/16
 bootstrap_service_cidr: 10.43.0.0/16
+ipv6_enabled: false
+# If you want IPv6 enabled, please uncomment the below vars and comment the ones above
+# bootstrap_cluster_cidr: 10.42.0.0/16,fd7f:8f5:e87c:a::/64
+# bootstrap_service_cidr: 10.43.0.0/16,fd7f:8f5:e87c:e::/112
+# ipv6_enabled: true
 
 # Node information
 bootstrap_nodes: