Configure dualstack endpoint for s3

Use dualstack https endpoints on ipv6only cluster. Always use
dualstack endpoints through the SDK

pkg/model/components/discovery.go

@@ -68,7 +68,7 @@ func (b *DiscoveryOptionsBuilder) BuildOptions(o interface{}) error {
 			}
 			switch base := base.(type) {
 			case *vfs.S3Path:
-				serviceAccountIssuer, err = base.GetHTTPsUrl()
+				serviceAccountIssuer, err = base.GetHTTPsUrl(clusterSpec.IsIPv6Only())
 				if err != nil {
 					return err
 				}

util/pkg/vfs/s3context.go

@@ -36,13 +36,11 @@ import (
 	"k8s.io/klog/v2"
 )
 
-var (
-	// matches all regional naming conventions of S3:
-	// https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
-	// TODO: perhaps make region regex more specific, i.e. (us|eu|ap|cn|ca|sa), to prevent matching bucket names that match region format?
-	//       but that will mean updating this list when AWS introduces new regions
-	s3UrlRegexp = regexp.MustCompile(`(s3([-.](?P<region>\w{2}-\w+-\d{1})|[-.](?P<bucket>[\w.\-\_]+)|)?|(?P<bucket>[\w.\-\_]+)[.]s3([.](?P<region>\w{2}-\w+-\d{1}))?)[.]amazonaws[.]com([.]cn)?(?P<path>.*)?`)
-)
+// matches all regional naming conventions of S3:
+// https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
+// TODO: perhaps make region regex more specific, i.e. (us|eu|ap|cn|ca|sa), to prevent matching bucket names that match region format?
+//       but that will mean updating this list when AWS introduces new regions
+var s3UrlRegexp = regexp.MustCompile(`(s3([-.](?P<region>\w{2}-\w+-\d{1})|[-.](?P<bucket>[\w.\-\_]+)|)?|(?P<bucket>[\w.\-\_]+)[.]s3([.](?P<region>\w{2}-\w+-\d{1}))?)[.]amazonaws[.]com([.]cn)?(?P<path>.*)?`)
 
 type S3BucketDetails struct {
 	// context is the S3Context we are associated with
@@ -84,7 +82,7 @@ func (s *S3Context) getClient(region string) (*s3.S3, error) {
 		var err error
 		endpoint := os.Getenv("S3_ENDPOINT")
 		if endpoint == "" {
-			config = aws.NewConfig().WithRegion(region)
+			config = aws.NewConfig().WithRegion(region).WithUseDualStack(true)
 			config = config.WithCredentialsChainVerboseErrors(true)
 		} else {
 			// Use customized S3 storage
@@ -363,7 +361,6 @@ func getRegionFromMetadata() (string, error) {
 
 	metadata := ec2metadata.New(metadataSession)
 	metadataRegion, err := metadata.Region()
-
 	if err != nil {
 		return "", fmt.Errorf("unable to get region from metadata: %v", err)
 	}

util/pkg/vfs/s3fs.go

@@ -30,6 +30,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/s3"
 	"k8s.io/klog/v2"
+
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraformWriter"
 	"k8s.io/kops/util/pkg/hashing"
 )
@@ -48,9 +49,11 @@ type S3Path struct {
 	sse bool
 }
 
-var _ Path = &S3Path{}
-var _ TerraformPath = &S3Path{}
-var _ HasHash = &S3Path{}
+var (
+	_ Path          = &S3Path{}
+	_ TerraformPath = &S3Path{}
+	_ HasHash       = &S3Path{}
+)
 
 // S3Acl is an ACL implementation for objects on S3
 type S3Acl struct {
@@ -483,7 +486,7 @@ func (p *S3Path) Hash(a hashing.HashAlgorithm) (*hashing.Hash, error) {
 	return &hashing.Hash{Algorithm: hashing.HashAlgorithmMD5, HashValue: md5Bytes}, nil
 }
 
-func (p *S3Path) GetHTTPsUrl() (string, error) {
+func (p *S3Path) GetHTTPsUrl(dualstack bool) (string, error) {
 	if p.bucketDetails == nil {
 		bucketDetails, err := p.s3Context.getDetailsForBucket(p.bucket)
 		if err != nil {
@@ -491,7 +494,12 @@ func (p *S3Path) GetHTTPsUrl() (string, error) {
 		}
 		p.bucketDetails = bucketDetails
 	}
-	url := fmt.Sprintf("https://%s.s3.%s.amazonaws.com/%s", p.bucketDetails.name, p.bucketDetails.region, p.Key())
+	var url string
+	if dualstack {
+		url = fmt.Sprintf("https://s3.dualstack.%s.amazonaws.com/%s/%s", p.bucketDetails.region, p.bucketDetails.name, p.Key())
+	} else {
+		url = fmt.Sprintf("https://%s.s3.%s.amazonaws.com/%s", p.bucketDetails.name, p.bucketDetails.region, p.Key())
+	}
 	return strings.TrimSuffix(url, "/"), nil
 }