Skip to content

fix: add ipv6 support in cri-dockerd#3125

Merged
ks-ci-bot merged 1 commit into
kubesphere:mainfrom
redscholar:cri_dockerd_ipv6
Jun 5, 2026
Merged

fix: add ipv6 support in cri-dockerd#3125
ks-ci-bot merged 1 commit into
kubesphere:mainfrom
redscholar:cri_dockerd_ipv6

Conversation

@redscholar

@redscholar redscholar commented Jun 5, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What type of PR is this?

/kind bug

What this PR does / why we need it:

Fix bugs related to CRI configuration handling and cluster node labeling.

  • Fixed missing quotes around file paths in when conditions for CRI tasks (containerd and docker), ensuring proper file existence checks before generating configuration files.
  • Added missing delegate_to directive for the "Add custom labels to the cluster nodes" task in create_cluster.yaml to ensure labels are applied via the correct initialization node.

Which issue(s) this PR fixes:

Fixes #
https://github.com/kubesphere/project/issues/7611

Special notes for reviewers:

Please verify the quoting fix in CRI when conditions:
- builtin/core/roles/cri/containerd/tasks/main.yaml
- builtin/core/roles/cri/docker/tasks/main.yaml

Please verify the delegate_to fix in:
- builtin/core/playbooks/create_cluster.yaml

Does this PR introduced a user-facing change?

Fixed CRI configuration file existence checks and cluster node label delegation issues.

Additional documentation, usage docs, etc.:

@redscholar
fix: add ipv6 support in cri-dockerd
67c55d3 
Signed-off-by: redscholar <blacktiledhouse@gmail.com>
@kubesphere-prow kubesphere-prow Bot added release-note kind/bug Categorizes issue or PR as related to a bug. labels Jun 5, 2026
@kubesphere-prow

kubesphere-prow Bot commented Jun 5, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: redscholar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubesphere-prow kubesphere-prow Bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 5, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jun 5, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 5, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request moves CNI configuration variables to the default CNI configuration file, adds dual-stack support to the cri-dockerd service when IPv6 is enabled, and fixes a duplicated https:// prefix in the etcd IPv6 endpoint templates for kubeadm. The reviewer provided feedback on improving template robustness: first, by explicitly checking .cni.ipv6_support against the string "true" to prevent incorrect evaluation of non-empty strings in Go templates; second, by adding default guards to the IPv4 CNI configuration fields to prevent template rendering failures when .cni.pod_cidr is undefined.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread builtin/core/roles/cri/docker/templates/cri-dockerd.service
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image "{{ .kubernetes.sandbox_image.registry }}/{{ .kubernetes.sandbox_image.repository }}:{{ .kubernetes.sandbox_image.tag }}"
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image "{{ .kubernetes.sandbox_image.registry }}/{{ .kubernetes.sandbox_image.repository }}:{{ .kubernetes.sandbox_image.tag }}"{{if .cni.ipv6_support }} --ipv6-dual-stack{{ end }}

@gemini-code-assist gemini-code-assist Bot Jun 5, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

In Go templates, any non-empty string is evaluated as true by the if action. If .cni.ipv6_support is parsed or overridden as a string (e.g., "false"), {{if .cni.ipv6_support}} will evaluate to true, incorrectly enabling --ipv6-dual-stack.

To prevent this, you can use printf "%v" to safely convert the value to a string and compare it to "true":

{{if eq (printf "%v" .cni.ipv6_support) "true"}} --ipv6-dual-stack{{ end }}
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image "{{ .kubernetes.sandbox_image.registry }}/{{ .kubernetes.sandbox_image.repository }}:{{ .kubernetes.sandbox_image.tag }}"{{if eq (printf "%v" .cni.ipv6_support) "true" }} --ipv6-dual-stack{{ end }}

Comment thread builtin/core/roles/defaults/defaults/main/04-cni.yaml
Comment on lines +17 to +22
ipv4_support: >-
{{ eq (.cni.pod_cidr | splitList "," | first | ipFamily) "IPv4" }}
ipv4_pods_cidr: >-
{{- if eq (.cni.pod_cidr | splitList "," | first | ipFamily) "IPv4" -}}
{{ .cni.pod_cidr | splitList "," | first }}
{{- end -}}

@gemini-code-assist gemini-code-assist Bot Jun 5, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The ipv6_support and ipv6_pods_cidr fields use default "10.233.64.0/18" to guard against an empty or undefined .cni.pod_cidr. However, ipv4_support and ipv4_pods_cidr do not have this default guard. If .cni.pod_cidr is empty or undefined, ipFamily will be called with an empty string, returning an error and causing the template rendering to fail.

For consistency and robustness, please add the default guard to the IPv4 fields as well.

  ipv4_support: >-
    {{ eq (.cni.pod_cidr | default "10.233.64.0/18" | splitList "," | first | ipFamily) "IPv4" }}
  ipv4_pods_cidr: >-
    {{- if eq (.cni.pod_cidr | default "10.233.64.0/18" | splitList "," | first | ipFamily) "IPv4" -}}
    {{ .cni.pod_cidr | default "10.233.64.0/18" | splitList "," | first }}
    {{- end -}}

@redscholar redscholar added the lgtm Indicates that a PR is ready to be merged. label Jun 5, 2026
@ks-ci-bot ks-ci-bot merged commit 9c3c076 into kubesphere:main Jun 5, 2026
4 checks passed
@redscholar redscholar mentioned this pull request Jun 9, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@redscholar @ks-ci-bot