From 07ee0c220697a43e5ef7af27131326273e0109f4 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers <jgmyers@proofpoint.com>
Date: Tue, 8 Jun 2021 23:29:40 -0700
Subject: [PATCH] Simplify Calico IPv6 configuration

---
 k8s/crds/kops.k8s.io_clusters.yaml            |  8 --------
 pkg/apis/kops/networking.go                   |  6 ------
 pkg/apis/kops/v1alpha2/networking.go          |  6 ------
 .../kops/v1alpha2/zz_generated.conversion.go  |  4 ----
 .../kops/v1alpha2/zz_generated.deepcopy.go    | 10 ----------
 pkg/apis/kops/zz_generated.deepcopy.go        | 10 ----------
 .../k8s-1.16.yaml.template                    | 19 +++++++++----------
 7 files changed, 9 insertions(+), 54 deletions(-)

diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
index a0ca411083..d98c9031e7 100644
--- a/k8s/crds/kops.k8s.io_clusters.yaml
+++ b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -3236,10 +3236,6 @@ spec:
                           (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX",
                           or "skip-interface=INTERFACE-REGEX"'
                         type: string
-                      ipv4Support:
-                        description: 'IPv4Support enables Calico networking and security
-                          for IPv4 traffic. Default: "true"'
-                        type: boolean
                       ipv6AutoDetectionMethod:
                         description: 'IPv6AutoDetectionMethod configures how Calico
                           chooses the IP address used to route between nodes.  This
@@ -3248,10 +3244,6 @@ spec:
                           (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX",
                           or "skip-interface=INTERFACE-REGEX"'
                         type: string
-                      ipv6Support:
-                        description: 'IPv6Support enables Calico networking and security
-                          for IPv6 traffic. Default: "false"'
-                        type: boolean
                       logSeverityScreen:
                         description: 'LogSeverityScreen lets us set the desired log
                           level. (Default: info)'
diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
index ec3edbf686..986b9832ed 100644
--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@@ -150,18 +150,12 @@ type CalicoNetworkingSpec struct {
 	// Options: "first-found" (default), "can-reach=DESTINATION",
 	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
 	IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
-	// IPv4Support enables Calico networking and security for IPv4 traffic.
-	// Default: "true"
-	IPv4Support *bool `json:"ipv4Support,omitempty"`
 	// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
 	// between nodes.  This should be set when the host has multiple interfaces
 	// and it is important to select the interface used.
 	// Options: "first-found" (default), "can-reach=DESTINATION",
 	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
 	IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
-	// IPv6Support enables Calico networking and security for IPv6 traffic.
-	// Default: "false"
-	IPv6Support *bool `json:"ipv6Support,omitempty"`
 	// IptablesBackend controls which variant of iptables binary Felix uses
 	// Default: Auto (other options: Legacy, NFT)
 	IptablesBackend string `json:"iptablesBackend,omitempty"`
diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go
index 1b6e7c210d..fa8ee5e1c2 100644
--- a/pkg/apis/kops/v1alpha2/networking.go
+++ b/pkg/apis/kops/v1alpha2/networking.go
@@ -150,18 +150,12 @@ type CalicoNetworkingSpec struct {
 	// Options: "first-found" (default), "can-reach=DESTINATION",
 	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
 	IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
-	// IPv4Support enables Calico networking and security for IPv4 traffic.
-	// Default: "true"
-	IPv4Support *bool `json:"ipv4Support,omitempty"`
 	// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
 	// between nodes.  This should be set when the host has multiple interfaces
 	// and it is important to select the interface used.
 	// Options: "first-found" (default), "can-reach=DESTINATION",
 	// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
 	IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
-	// IPv6Support enables Calico networking and security for IPv6 traffic.
-	// Default: "false"
-	IPv6Support *bool `json:"ipv6Support,omitempty"`
 	// IptablesBackend controls which variant of iptables binary Felix uses
 	// Default: Auto (other options: Legacy, NFT)
 	IptablesBackend string `json:"iptablesBackend,omitempty"`
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
index 93fed20a50..e78d6f7302 100644
--- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
@@ -1596,9 +1596,7 @@ func autoConvert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *
 	out.EncapsulationMode = in.EncapsulationMode
 	out.IPIPMode = in.IPIPMode
 	out.IPv4AutoDetectionMethod = in.IPv4AutoDetectionMethod
-	out.IPv4Support = in.IPv4Support
 	out.IPv6AutoDetectionMethod = in.IPv6AutoDetectionMethod
-	out.IPv6Support = in.IPv6Support
 	out.IptablesBackend = in.IptablesBackend
 	out.LogSeverityScreen = in.LogSeverityScreen
 	out.MTU = in.MTU
@@ -1633,9 +1631,7 @@ func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha2_CalicoNetworkingSpec(in *
 	out.EncapsulationMode = in.EncapsulationMode
 	out.IPIPMode = in.IPIPMode
 	out.IPv4AutoDetectionMethod = in.IPv4AutoDetectionMethod
-	out.IPv4Support = in.IPv4Support
 	out.IPv6AutoDetectionMethod = in.IPv6AutoDetectionMethod
-	out.IPv6Support = in.IPv6Support
 	out.IptablesBackend = in.IptablesBackend
 	out.LogSeverityScreen = in.LogSeverityScreen
 	out.MTU = in.MTU
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
index 6324224ae5..34e57757f3 100644
--- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go
@@ -389,16 +389,6 @@ func (in *CalicoNetworkingSpec) DeepCopyInto(out *CalicoNetworkingSpec) {
 		x := (*in).DeepCopy()
 		*out = &x
 	}
-	if in.IPv4Support != nil {
-		in, out := &in.IPv4Support, &out.IPv4Support
-		*out = new(bool)
-		**out = **in
-	}
-	if in.IPv6Support != nil {
-		in, out := &in.IPv6Support, &out.IPv6Support
-		*out = new(bool)
-		**out = **in
-	}
 	if in.MTU != nil {
 		in, out := &in.MTU, &out.MTU
 		*out = new(int32)
diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go
index 2601e3dfc5..b8a613002b 100644
--- a/pkg/apis/kops/zz_generated.deepcopy.go
+++ b/pkg/apis/kops/zz_generated.deepcopy.go
@@ -389,16 +389,6 @@ func (in *CalicoNetworkingSpec) DeepCopyInto(out *CalicoNetworkingSpec) {
 		x := (*in).DeepCopy()
 		*out = &x
 	}
-	if in.IPv4Support != nil {
-		in, out := &in.IPv4Support, &out.IPv4Support
-		*out = new(bool)
-		**out = **in
-	}
-	if in.IPv6Support != nil {
-		in, out := &in.IPv6Support, &out.IPv6Support
-		*out = new(bool)
-		**out = **in
-	}
 	if in.MTU != nil {
 		in, out := &in.MTU, &out.MTU
 		*out = new(int32)
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
index 499b46f048..f52cdb8ba8 100644
--- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
@@ -52,8 +52,8 @@ data:
           "nodename": "__KUBERNETES_NODE_NAME__",
           "mtu": __CNI_MTU__,
           "ipam": {
-              "assign_ipv4": "{{ WithDefaultBool .Networking.Calico.IPv4Support true }}",
-              "assign_ipv6": "{{ WithDefaultBool .Networking.Calico.IPv6Support false }}",
+              "assign_ipv4": "{{ not IsIPv6Only }}",
+              "assign_ipv6": "{{ IsIPv6Only }}",
               "type": "calico-ipam"
           },
           "policy": {
@@ -3827,9 +3827,9 @@ spec:
               value: "kops,bgp"
             # Auto-detect the BGP IP address.
             - name: IP
-              value: "{{- if (WithDefaultBool .Networking.Calico.IPv4Support true) -}}autodetect{{- else -}}none{{- end -}}"
+              value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}"
             - name: IP6
-              value: "{{- if (WithDefaultBool .Networking.Calico.IPv6Support false) -}}autodetect{{- else -}}none{{- end -}}"
+              value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}"
             - name: IP_AUTODETECTION_METHOD
               value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "first-found" }}"
             - name: IP6_AUTODETECTION_METHOD
@@ -3861,14 +3861,14 @@ spec:
             # The default IPv4 pool to create on startup if none exists. Pod IPs will be
             # chosen from this range. Changing this value after installation will have
             # no effect. This should fall within `--cluster-cidr`.
-            {{- if (WithDefaultBool .Networking.Calico.IPv6Support false) }}
+            {{- if IsIPv6Only }}
             - name: CALICO_IPV6POOL_CIDR
               value: "{{ .KubeControllerManager.ClusterCIDR }}"
             - name: CALICO_IPV6POOL_NAT_OUTGOING
               value: "true"
             - name: CALICO_ROUTER_ID
               value: "hash"
-            {{- else if (WithDefaultBool .Networking.Calico.IPv4Support true) }}
+            {{- else }}
             - name: CALICO_IPV4POOL_CIDR
               value: "{{ .KubeControllerManager.ClusterCIDR }}"
             {{- end }}
@@ -3878,9 +3878,8 @@ spec:
             # Set Felix endpoint to host default action to ACCEPT.
             - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
               value: "ACCEPT"
-            # Disable IPv6 on Kubernetes.
             - name: FELIX_IPV6SUPPORT
-              value: "{{ WithDefaultBool .Networking.Calico.IPv6Support false }}"
+              value: "{{ IsIPv6Only }}"
             - name: FELIX_HEALTHENABLED
               value: "true"
 
@@ -3942,7 +3941,7 @@ spec:
               {{- if eq .Networking.Calico.EncapsulationMode "ipip" }}
               - -bird-live
               {{- end }}
-              {{- if (WithDefaultBool .Networking.Calico.IPv6Support false) }}
+              {{- if IsIPv6Only }}
               - -bird6-live
               {{- end }}
             periodSeconds: 10
@@ -3956,7 +3955,7 @@ spec:
               {{- if eq .Networking.Calico.EncapsulationMode "ipip" }}
               - -bird-ready
               {{- end }}
-              {{- if (WithDefaultBool .Networking.Calico.IPv6Support false) }}
+              {{- if IsIPv6Only }}
               - -bird6-ready
               {{- end }}
             periodSeconds: 10