feat: IPv6 support

cluster/eksctl/ipv4/cluster.yaml

@@ -0,0 +1,42 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+availabilityZones:
+- ${AWS_REGION}a
+- ${AWS_REGION}b
+- ${AWS_REGION}c
+
+metadata:
+  name: ${EKS_CLUSTER_NAME}
+  region: ${AWS_REGION}
+  version: '1.25'
+  tags:
+    karpenter.sh/discovery: ${EKS_CLUSTER_NAME}
+    created-by: eks-workshop-v2
+    env: ${EKS_CLUSTER_NAME}
+
+iam:
+  withOIDC: true
+
+vpc:
+  cidr: 10.42.0.0/16
+  clusterEndpoints:
+    privateAccess: true
+    publicAccess: true
+
+addons:
+- name: vpc-cni
+  version: v1.12.5-eksbuild.2
+  configurationValues: "{\"env\":{\"ENABLE_PREFIX_DELEGATION\":\"true\", \"ENABLE_POD_ENI\":\"true\", \"POD_SECURITY_GROUP_ENFORCING_MODE\":\"standard\"}}"
+  resolveConflicts: overwrite
+
+managedNodeGroups:
+- name: default
+  desiredCapacity: 3
+  minSize: 3
+  maxSize: 6
+  instanceType: m5.large
+  privateNetworking: true
+  releaseVersion: 1.25.6-20230304
+  labels:
+    workshop-default: 'yes'

cluster/eksctl/ipv6/cluster.yaml

@@ -0,0 +1,43 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+availabilityZones:
+- ${AWS_REGION}a
+- ${AWS_REGION}b
+- ${AWS_REGION}c
+
+metadata:
+  name: ${EKS_CLUSTER_NAME}
+  region: ${AWS_REGION}
+  version: '1.25'
+  tags:
+    karpenter.sh/discovery: ${EKS_CLUSTER_NAME}
+    created-by: eks-workshop-v2
+    env: ${EKS_CLUSTER_NAME}
+
+iam:
+  withOIDC: true
+
+kubernetesNetworkConfig:
+  ipFamily: IPv6
+
+vpc:
+  clusterEndpoints:
+    privateAccess: true
+    publicAccess: true
+
+addons:
+- name: vpc-cni
+- name: kube-proxy
+- name: coredns
+
+managedNodeGroups:
+- name: default
+  desiredCapacity: 3
+  minSize: 3
+  maxSize: 6
+  instanceType: m5.large
+  privateNetworking: true
+  releaseVersion: 1.25.6-20230304
+  labels:
+    workshop-default: 'yes'

hack/run-tests.sh

@@ -49,10 +49,18 @@ if [ ! -z "$BACKGROUND" ]; then
   background_args="--detach"
 fi
 
+network_family=$(aws eks describe-cluster --name $EKS_CLUSTER_NAME --query "cluster.kubernetesNetworkConfig.ipFamily" --output text)
+
+skip_tags_args="--skip-tags ipv6"
+
+if [[ "$network_family" == "ipv6" ]]; then
+  skip_tags_args="--skip-tags ipv4"
+fi
+
 echo "Running test suite..."
 
 $CONTAINER_CLI run $background_args \
   -v $SCRIPT_DIR/../website/docs:/content \
   -v $SCRIPT_DIR/../manifests:/manifests \
   -e 'EKS_CLUSTER_NAME' -e 'AWS_REGION' \
-  $aws_credential_args $container_image -g "{$module,$module/**}" --hook-timeout 1200 --timeout 1200 ${AWS_EKS_WORKSHOP_TEST_FLAGS}
+  $aws_credential_args $container_image -g "{$module,$module/**}" --hook-timeout 1200 --timeout 1200 $skip_tags_args --debug ${AWS_EKS_WORKSHOP_TEST_FLAGS}

lab/bin/reset-environment

@@ -82,6 +82,7 @@ mkdir -p /eks-workshop/terraform
 cp $manifests_path/.workshop/terraform/base.tf /eks-workshop/terraform
 
 export TF_VAR_eks_cluster_id="$EKS_CLUSTER_NAME"
+export TF_VAR_eks_network_family="$EKS_IP_FAMILY"
 
 RESOURCES_PRECREATED=${RESOURCES_PRECREATED:-""}
 
@@ -117,7 +118,9 @@ if [ ! -z "$module" ]; then
     terraform -chdir="$tf_dir" apply -refresh=false --auto-approve > /tmp/terraform-apply.log
   fi
 
-  if [ -d "$module_path/.workshop/manifests" ]; then
+  if [ -d "$module_path/.workshop/manifests/$EKS_IP_FAMILY" ]; then
+    kubectl apply -k "$module_path/.workshop/manifests/$EKS_IP_FAMILY" > /dev/null
+  elif [ -d "$module_path/.workshop/manifests" ]; then
     kubectl apply -k "$module_path/.workshop/manifests" > /dev/null
   fi
 fi

lab/bin/use-cluster

@@ -22,6 +22,8 @@ fi
 
 default_nodegroup_name=$(echo "$nodegroup_output" | jq '.nodegroups[0]')
 
+network_family=$(aws eks describe-cluster --name $cluster_name --query "cluster.kubernetesNetworkConfig.ipFamily" --output text)
+
 cat << EOT > /home/ec2-user/.bashrc.d/env.bash
 aws eks update-kubeconfig --name ${cluster_name}
 set -a
@@ -31,7 +33,7 @@ EKS_DEFAULT_MNG_MIN=3
 EKS_DEFAULT_MNG_MAX=6
 EKS_DEFAULT_MNG_DESIRED=3
 AWS_ACCOUNT_ID=${AWS_ACCOUNT_ID}
-EKS_IP_FAMILY=ipv4
+EKS_IP_FAMILY=${network_family}
 set +a
 EOT
 

lab/bin/wait-for-lb

@@ -9,7 +9,7 @@ echo "Waiting for ${host}..."
 EXIT_CODE=0
 
 timeout -s TERM 600 bash -c \
-  'while [[ "$(curl -s -o /dev/null -L -w ''%{http_code}'' ${host}/home)" != "200" ]];\
+  'while [[ "$(curl -s -o /dev/null -L -w ''%{http_code}'' ${host})" != "200" ]];\
   do sleep 5;\
   done' || EXIT_CODE=$?
 

manifests/.workshop/terraform/base.tf

@@ -37,6 +37,11 @@ variable "resources_precreated" {
   default = false
 }
 
+variable "eks_network_family" {
+  type    = string
+  default = "ipv4"
+}
+
 data "aws_partition" "current" {}
 data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
@@ -81,6 +86,9 @@ locals {
   eks_cluster_endpoint = data.aws_eks_cluster.eks_cluster.endpoint
   eks_cluster_version  = data.aws_eks_cluster.eks_cluster.version
 
+  is_ipv4 = var.eks_network_family == "ipv4"
+  is_ipv6 = ! local.is_ipv4
+
   addon_context = {
     aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
     aws_caller_identity_arn        = data.aws_caller_identity.current.arn

manifests/modules/automation/controlplanes/ack/rds/application/nlb.yaml → manifests/modules/automation/controlplanes/ack/.workshop/manifests/base/nlb.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     service.beta.kubernetes.io/aws-load-balancer-type: external 
     service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
   namespace: ui
 spec:
   type: LoadBalancer

manifests/modules/automation/controlplanes/ack/.workshop/manifests/ipv4/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../base

manifests/modules/automation/controlplanes/ack/.workshop/manifests/ipv6/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../base
+patches:
+- nlb.yaml

manifests/modules/automation/controlplanes/ack/.workshop/manifests/ipv6/nlb.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui-nlb
+  namespace: ui
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-ip-address-type: "dualstack"

manifests/modules/automation/controlplanes/ack/rds/application/deployment.yaml

@@ -28,4 +28,4 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: catalog-db-ack
-                  key: endpoint
+                  key: endpoint

manifests/modules/automation/controlplanes/ack/rds/application/kustomization.yaml

@@ -2,7 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 bases:
 - ../../../../../../base-application/catalog
-resources:
-- nlb.yaml
 patches:
-- deployment.yaml
+- deployment.yaml

manifests/modules/automation/controlplanes/crossplane/application/nlb.yaml → manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/base/nlb.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     service.beta.kubernetes.io/aws-load-balancer-type: external 
     service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
-    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
   namespace: ui
 spec:
   type: LoadBalancer

manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/ipv4/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../base

manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/ipv6/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../base
+patches:
+- nlb.yaml

manifests/modules/automation/controlplanes/crossplane/.workshop/manifests/ipv6/nlb.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui-nlb
+  namespace: ui
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-ip-address-type: "dualstack"

manifests/modules/automation/controlplanes/crossplane/application/deployment.yaml

@@ -28,4 +28,4 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: catalog-db-crossplane
-                  key: endpoint
+                  key: endpoint

manifests/modules/automation/controlplanes/crossplane/application/kustomization.yaml

@@ -2,7 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 bases:
 - ../../../../base-application/catalog
-resources:
-- nlb.yaml
 patches:
-- deployment.yaml
+- deployment.yaml

manifests/modules/exposing/ingress/creating-ingress/ipv6/ingress.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ui
+  namespace: ui
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/healthcheck-path: /actuator/health/liveness
+    # HIGHLIGHT
+    alb.ingress.kubernetes.io/ip-address-type: dualstack
+spec:
+  ingressClassName: alb
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: ui
+            port:
+              number: 80

manifests/modules/exposing/ingress/creating-ingress/ipv6/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+resources:
+- ingress.yaml

manifests/modules/exposing/ingress/multiple-ingress/ipv6/ingress-catalog.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: catalog
+  namespace: catalog
+  labels:
+    app.kubernetes.io/created-by: eks-workshop
+  annotations:
+    alb.ingress.kubernetes.io/target-type: ip
+    # HIGHLIGHT
+    alb.ingress.kubernetes.io/group.name: retail-app-group
+    alb.ingress.kubernetes.io/ip-address-type: dualstack
+spec:
+  ingressClassName: alb
+  rules:
+  - http:
+      paths:
+      - path: /catalogue
+        pathType: Prefix
+        backend:
+          service:
+            name: catalog
+            port:
+              number: 80

manifests/modules/exposing/ingress/multiple-ingress/ipv6/ingress-ui.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ui
+  namespace: ui
+  labels:
+    app.kubernetes.io/created-by: eks-workshop
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/healthcheck-path: /actuator/health/liveness
+    # HIGHLIGHT
+    alb.ingress.kubernetes.io/group.name: retail-app-group
+    alb.ingress.kubernetes.io/ip-address-type: dualstack
+spec:
+  ingressClassName: alb
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: ui
+            port:
+              number: 80

manifests/modules/exposing/ingress/multiple-ingress/ipv6/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+resources:
+- ingress-catalog.yaml
+- ingress-ui.yaml

manifests/modules/exposing/load-balancer/ipv6/ip-mode/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../nlb
+patches:
+- nlb.yaml