CORS-4136: Add Feature gates for AWS, Azure and GCP Dual Stack support #2430

sadasu · 2025-07-31T15:30:38Z

No description provided.

openshift-ci · 2025-07-31T15:30:47Z

Hello @sadasu! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

openshift-ci-robot · 2025-07-31T15:33:07Z

@sadasu: This pull request references CORS-4136 which is a valid jira issue.

This pull request references CORS-4157 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

config/v1/types_infrastructure.go

JoelSpeed · 2025-08-07T10:34:08Z

config/v1/types_infrastructure.go

+	// +default="IPFamiliesIPv4"
+	// +kubebuilder:default:="IPFamiliesIPv4"


Are we sure we want to default this? Are there existing clusters where this could default to an incorrect value?

All currently installed AWS,Azure and GCP clusters are ipv4 only so this seemed like the correct default. So, when we upgrade to a version with this API change, the address family would be unambiguous.

Is there some way in the cluster that we could tell that the cluster is IPv4 and therefore set it based on something that already exists, rather than defaulting within the API based off of an assumption?

While all clusters today are ipv4, in theory in the future we could end up defaulting a cluster that is not ipv4 and this would then send the wrong message

We are adding an install-config field for customers to set the IPFamily for the cluster for new installs. There too we are defaulting to IPV4. And as part of the support for dualstack, the Installer will always be explicitly setting this field in the Infra CR when the manifest is generated.

For existing clusters, we know that they are all IPv4 and hence added this defaulting behavior. Its value should be immutable.

config/v1/types_infrastructure.go

JoelSpeed · 2025-08-07T10:34:56Z

config/v1/types_infrastructure.go

@@ -536,6 +536,14 @@ type AWSPlatformStatus struct {
 	// +optional
 	// +nullable
 	CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"`
+
+	// ipFamily indicates the IP Address family supported by cluster nodes.


Explain the valid values and what they mean as part of the godoc

JoelSpeed · 2025-08-07T10:35:29Z

..._generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml

@@ -1130,7 +1130,6 @@ spec:
                - HighlyAvailable
                - HighlyAvailableArbiter
                - SingleReplica
-                - DualReplica


Not sure why this has been removed?

JoelSpeed · 2025-08-07T10:36:33Z

machineconfiguration/v1/types.go

@@ -148,7 +148,7 @@ type ControllerConfigSpec struct {

 	// ipFamilies indicates the IP families in use by the cluster network
 	// +required
-	IPFamilies IPFamiliesType `json:"ipFamilies"`
+	IPFamilies configv1.IPFamiliesType `json:"ipFamilies"`


Do we need to do this? We tend to prefer local types over importing from other packages

IPFamiliesType was originally defined here : https://github.com/openshift/api/blob/master/machineconfiguration/v1/types.go#L177-L185.

Instead of redefining IPFamilies for use within types_infrastructure.go, i moved it to a common location in config/v1/types.go

Are we confident that their use cases will not diverge? It's generally safer to have the two as separate APIs and not to share a common place like this

I do not envision IP family types to diverge. But, let me try again by separating the APIs.

JoelSpeed · 2025-08-07T10:36:46Z

...generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml

@@ -669,7 +669,7 @@ spec:
                                            when type is Name, and forbidden otherwise
                                          rule: 'has(self.type) && self.type == ''Name''
                                            ?  has(self.name) : !has(self.name)'
-                                      maxItems: 32
+                                      maxItems: 1


This seems to be unrelated?

This and the deletion of DualReplica keeps showing up every time I run make update.

Make sure you rebase onto the latest main before you run the update command

JoelSpeed · 2025-08-12T16:37:16Z

config/v1/types_infrastructure.go

+	// infrastructure and all cluster resources are expected to have both IPv4 and IPv6 addresses.
+	// +default="IPv4"
+	// +kubebuilder:default:="IPv4"
+	// +kubebuilder:validation:Enum="IPv4";"DualStack"


Generally prefer to have this on the type alias itself, rather than at the field level

There was a question within the team regarding this field in the PlatformStatus. Could the same functionality be achieved using an existing API such as cloud provider config? My reasoning has been that we need a source of truth for the cluster that is easily available even on day-2 and within an API that we manage. Thoughts?

config/v1/types.go

JoelSpeed · 2025-08-14T11:33:35Z

config/v1/types_infrastructure.go

+	// +kubebuilder:default:="IPv4"
+	// +kubebuilder:validation:Enum="IPv4";"DualStack"
+	// +openshift:enable:FeatureGate=AWSDualStackInstall
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ipFamily is immutable once set"


Do you have a test to show that if the value is DualStack, and then someone tries to remove it, that it doesn't default to IPv4?

JoelSpeed · 2025-08-14T11:34:06Z

config/v1/types_infrastructure.go

@@ -775,6 +801,19 @@ type GCPPlatformStatus struct {
 	// +optional
 	// +openshift:enable:FeatureGate=GCPCustomAPIEndpointsInstall
 	ServiceEndpoints []GCPServiceEndpoint `json:"serviceEndpoints,omitempty"`
+
+	// ipFamily indicates the IP Address family supported by cluster nodes.


Explain in the godoc that the value is set at installation time and it cannot be changed

jhixson74 · 2025-08-26T21:37:52Z

/cc

sadasu · 2025-09-03T21:09:11Z

@JoelSpeed Refactored this PR to just add the feature gates because we still have some unanswered questions regarding the API changes.

This is 4.21 feature work and seems weird that it requires the acknowledge-critical-fixes-only label.

sadasu · 2025-09-03T21:09:19Z

/tide refresh

JoelSpeed · 2025-09-04T10:06:14Z

/lgtm
/verified by existing E2Es passing

openshift-ci-robot · 2025-09-04T10:06:26Z

@JoelSpeed: This PR has been marked as verified by existing E2Es passing.

In response to this:

/lgtm
/verified by existing E2Es passing

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2025-09-04T10:06:54Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed, sadasu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [JoelSpeed]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sadasu · 2025-09-04T13:15:56Z

/label acknowledge-critical-fixes-only

sadasu · 2025-09-04T13:27:22Z

/retest-required

openshift-ci-robot · 2025-09-04T15:27:39Z

@sadasu: This pull request references CORS-4136 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.21." or "openshift-4.21.", but it targets "4.20.0" instead.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2025-09-04T15:54:09Z

@sadasu: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gcp	`5f5acf3`	link	false	`/test e2e-gcp`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 31, 2025

openshift-ci bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jul 31, 2025

sadasu changed the title ~~Add Feature gates and update Infrastructure API for AWS, Azure and GCP Dual Stack support~~ CORS-4136, CORS-4157: Add Feature gates and update Infrastructure API for AWS, Azure and GCP Dual Stack support Jul 31, 2025

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 31, 2025

openshift-ci bot requested review from JoelSpeed and sinnykumari July 31, 2025 15:33

sadasu changed the title ~~CORS-4136, CORS-4157: Add Feature gates and update Infrastructure API for AWS, Azure and GCP Dual Stack support~~ [WIP] CORS-4136, CORS-4157: Add Feature gates and update Infrastructure API for AWS, Azure and GCP Dual Stack support Jul 31, 2025

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 31, 2025

sadasu force-pushed the aws-azure-gcp-dual-stack branch from ed2ad9d to 64aaf90 Compare July 31, 2025 15:57

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 31, 2025

patrickdillon reviewed Aug 6, 2025

View reviewed changes

config/v1/types_infrastructure.go Outdated Show resolved Hide resolved

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 6, 2025

sadasu force-pushed the aws-azure-gcp-dual-stack branch from 64aaf90 to bf0c0db Compare August 6, 2025 21:24

sadasu changed the title ~~[WIP] CORS-4136, CORS-4157: Add Feature gates and update Infrastructure API for AWS, Azure and GCP Dual Stack support~~ CORS-4136, CORS-4157: Add Feature gates and update Infrastructure API for AWS, Azure and GCP Dual Stack support Aug 6, 2025

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 6, 2025

openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 6, 2025

JoelSpeed reviewed Aug 7, 2025

View reviewed changes

sadasu force-pushed the aws-azure-gcp-dual-stack branch 2 times, most recently from 6652e10 to e7a5704 Compare August 8, 2025 19:17

sadasu mentioned this pull request Aug 11, 2025

CORS-4096: Add DNS Record Type for IPv6 Domain mapping #2361

Open

sadasu force-pushed the aws-azure-gcp-dual-stack branch 3 times, most recently from 0bcd978 to 628d0cf Compare August 12, 2025 16:15

JoelSpeed reviewed Aug 12, 2025

View reviewed changes

sadasu force-pushed the aws-azure-gcp-dual-stack branch from 628d0cf to fb36988 Compare August 14, 2025 02:57

JoelSpeed reviewed Aug 14, 2025

View reviewed changes

openshift-ci bot requested a review from jhixson74 August 26, 2025 21:37

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 26, 2025

sadasu force-pushed the aws-azure-gcp-dual-stack branch from fb36988 to fd1a3b1 Compare September 3, 2025 17:51

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 3, 2025

sadasu force-pushed the aws-azure-gcp-dual-stack branch 2 times, most recently from 414fc84 to 91558af Compare September 3, 2025 18:53

sadasu changed the title ~~CORS-4136, CORS-4157: Add Feature gates and update Infrastructure API for AWS, Azure and GCP Dual Stack support~~ CORS-4136, CORS-4157: Add Feature gates for AWS, Azure and GCP Dual Stack support Sep 3, 2025

openshift-ci bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Sep 3, 2025

Add Featuregates for Dual Stack support on AWS, Azure and GCP

5f5acf3

sadasu force-pushed the aws-azure-gcp-dual-stack branch from 91558af to 5f5acf3 Compare September 3, 2025 20:01

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Sep 4, 2025

openshift-ci bot assigned JoelSpeed Sep 4, 2025

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 4, 2025

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 4, 2025

openshift-ci bot added the acknowledge-critical-fixes-only Indicates if the issuer of the label is OK with the policy. label Sep 4, 2025

sadasu changed the title ~~CORS-4136, CORS-4157: Add Feature gates for AWS, Azure and GCP Dual Stack support~~ CORS-4136: Add Feature gates for AWS, Azure and GCP Dual Stack support Sep 4, 2025

openshift-merge-bot bot merged commit a30da32 into openshift:master Sep 4, 2025
26 of 27 checks passed

		// +default="IPFamiliesIPv4"
		// +kubebuilder:default:="IPFamiliesIPv4"

CORS-4136: Add Feature gates for AWS, Azure and GCP Dual Stack support #2430

CORS-4136: Add Feature gates for AWS, Azure and GCP Dual Stack support #2430

Uh oh!

Conversation

sadasu commented Jul 31, 2025

Uh oh!

openshift-ci bot commented Jul 31, 2025

Uh oh!

openshift-ci-robot commented Jul 31, 2025 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

jhixson74 commented Aug 26, 2025

Uh oh!

sadasu commented Sep 3, 2025

Uh oh!

sadasu commented Sep 3, 2025

Uh oh!

JoelSpeed commented Sep 4, 2025

Uh oh!

openshift-ci-robot commented Sep 4, 2025

Uh oh!

openshift-ci bot commented Sep 4, 2025

Uh oh!

sadasu commented Sep 4, 2025

Uh oh!

sadasu commented Sep 4, 2025

Uh oh!

openshift-ci-robot commented Sep 4, 2025 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci bot commented Sep 4, 2025

Uh oh!

Uh oh!

Uh oh!

openshift-ci-robot commented Jul 31, 2025 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Sep 4, 2025 •

edited by openshift-ci bot

Loading