Add IPv6 NAT

[rbrtbnfgl]

Proposed Changes

Enable IPv6 NAT to the pod internet traffic. (It requires to use flannel-ipv6-masq flag on the server configuration)

Types of Changes

New Feature

Verification

Add flannel-ipv6-masq: true on the server configuration when IPv6 is enabled.
Running ip6tables-save | grep MASQUERADE on any node of the cluster and the output should contain the masquerading rules like this:

-A POSTROUTING -s 2001:cafe:43::/56 ! -d ff00::/8 -j MASQUERADE --random-fully
-A POSTROUTING ! -s 2001:cafe:43::/56 -d 2001:cafe:43::/56 -j MASQUERADE --random-fully

Linked Issues

#4683

User-Facing Change

Further Comments

[brandond]

Do we need to do anything in the Flannel subnet file, similar to the FLANNEL_IPMASQ variable for IPv4 masq at

k3s/pkg/agent/flannel/flannel.go

Line 153 in effcb15

_, err = fmt.Fprintf(f, "FLANNEL_IPMASQ=%v\n", ipMasq)

[rbrtbnfgl]

Do we need to do anything in the Flannel subnet file, similar to the FLANNEL_IPMASQ variable for IPv4 masq at

k3s/pkg/agent/flannel/flannel.go

Line 153 in effcb15

_, err = fmt.Fprintf(f, "FLANNEL_IPMASQ=%v\n", ipMasq)

We do not need to add it because the current version of the flannel binary does not add any masquerading rules so we have to add them before.

[manuelbuil]

The error seems to be a flaky:

[PARALLEL] Summarizing 2 Failures:
[PARALLEL] 
[PARALLEL] [Fail] [sig-network] Proxy version v1 [It] A set of valid responses are returned for both pod and service ProxyWithPath [Conformance] 
[PARALLEL] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/network/proxy.go:314
[PARALLEL] 
[PARALLEL] [Fail] [sig-node] Pods [It] should run through the lifecycle of Pods and PodStatus [Conformance] 
[PARALLEL] /workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/test/e2e/common/node/pods.go:1054

CI works in v1.22 and v1.21