E.1 Support for IPv4 or IPV6 Configuration for CNC Console

CNC Console supports following deployment modes:

  1. Single Stack with IPv4 only
  2. Single Stack with IPv6 only
  3. DualStack with IPv4 Preferred
  4. DualStack with IPv6 Preferred

Procedure

To deploy the CNC Console in any of these supported modes:

  1. Before CNC Console deployment, update occncc_custom_values<version>.yaml file and set the cncc-iam.kc.preferIpv6Stack.enabled flag to desired value as mentioned in the below table.
  2. After CNC Console is deployed, the following CNC Console services must be backed up, deleted and reapplied with preferred IP_Family configuration as mentioned in the following table:

    Note:

    Below services have 'cncc' as the release name cncc-acore-ingress-gateway cncc-iam-ingress-gateway cncc-iam-kc-http cncc-mcore-cmservice cncc-mcore-ingress-gateway

    These services do not have any clusterIP assigned, and hence can be ignored. cncc-acore-igw-cache cncc-mcore-igw-cache cncc-iam-igw-cache cncc-iam-kc-headless.

    The following table outlines the changes to be made before and after deploying the CNC Console for each deployment mode:

    Table -9 Single or Dual Stack IP Configuration

    Cluster Deployment Mode CNC Console Deployment Mode CNC Console custom values.yaml (PreInstallation Step) Service configuration with preferred IP Family (PostInstallation Step)
    Single Stack with IPv4 only NA 
    cncc-iam:
  kc:
    preferIpv6Stack:
      enabled: false
    		 This will lead to no changes in the service file. Depending on the cluster, IPs will be assigned.
    Single Stack with IPv6 only NA 
    cncc-iam:
  kc:
    preferIpv6Stack:
      enabled: true
    		 This will lead to no changes in the service file. Depending on the cluster, IPs will be assigned.
    DualStack with IPv4 Preferred IPv4 Preferred 
    cncc-iam:
  kc:
    preferIpv6Stack:
      enabled: false
    		 This will lead to no changes in the service file. Depending on the cluster, IPs will be assigned.
    IPv6 Preferred 
    cncc-iam:
  kc:
    preferIpv6Stack:
      enabled: true
    		 
    spec:
  ipFamilyPolicy: RequireDualStack
  ipFamilies:
  - IPv6
  - IPv4
    DualStack with IPv6 Preferred IPv4 Preferred 
    cncc-iam:
  kc:
    preferIpv6Stack:
      enabled: false
    		 
    spec:
  ipFamilyPolicy: RequireDualStack
  ipFamilies:
  - IPv4
  - IPv6
    IPv6 Preferred 
    cncc-iam:
  kc:
    preferIpv6Stack:
      enabled: true
    		 This will lead to no changes in the service file. Depending on the cluster, IPs will be assigned.

Note:

Run the following commands to edit the service:
kubectl edit svc -n <cncc_namespace> <cncc_service>
For example:
kubectl edit svc -n cncc -n cncc-iam-ingress-gateway

Sample CNC Deployment with IPv6 on DualStack with IPv4 Preferred Setup

Consider an example where you want to deploy CNC Console preferred with IPv6 on DualStack with IPv4 Preferred setup. This example describes the configuration changes required for single service of CNC Console after the deployment. You must follow a similar procedure for rest of the CNC Console services. Here:
  • CNC Console deployment namespace: cncc
  • CNC Console release name: cncc
  • CNC Console service to be edited: cncc-iam-ingress-gateway
  • Infrastructure Deployment Mode: DualStack with IPv4 Preferred
  • CNC Console Deployment Mode: IPv6 Preferred
Procedure:
  1. Run the following command to verify that cncc-iam-ingress-gateway service is set to IPv4 address: 
    kubectl get svc cncc-iam-ingress-gateway -n cncc
    Output:
    NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)             AGE
cncc-iam-ingress-gateway             LoadBalancer   1x.xxx.xx.xx    1x.xxx.xx.xx    30085:32556/TCP     5h8m
  2. Run the following command to take a backup of cncc-iam-ingress-gateway service and duplicate it for recovery purpose: 
    kubectl get svc cncc-iam-ingress-gateway -n cncc -o yaml > cncc-iam-ingress-gateway.yaml;

cp cncc-iam-ingress-gateway.yaml cncc-iam-ingress-gateway_orig.yaml;
  3. Run the following command to delete the original cncc-iam-ingress-gateway service:
    kubectl delete svc cncc-iam-ingress-gateway -n cncc
  4. Run the following command to edit the cncc-iam-ingress-gateway.yaml file generated as part of step 2:
    vim cncc-iam-ingress-gateway.yaml
  5. Update following in the cncc-iam-ingress-gateway.yaml:
    1. Delete clusterIPs and clusterIP fields completely.
      # Remove the clusterIP and clusterIPs field
...
spec:
  ...
  clusterIP: 1x.xxx.xx.xx
  clusterIPs:
  - 1x.xxx.xx.xx
...
    2. Under spec.ipFamilyPolicy set RequiredDualStack and under spec.ipFamilies set [- IPv6, - IPv4] as follows:
      apiVersion: v1
kind: Service
metadata:
  ...
  name: cncc-iam-ingress-gateway
  namespace: cncc
spec:
  allocateLoadBalancerNodePorts: true
  ...
  ...
  ipFamilies:
  - IPv6
  - IPv4
  ipFamilyPolicy: RequireDualStack
  ...
  ...
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer: {}
  6. Run the following command to apply the cncc-iam-ingress-gateway.yaml file:
    kubectl apply -f cncc-iam-ingress-gateway.yaml -n cncc
  7. Run the following command to check the service output. You should find the service with updated the IPv6 address:
    kubectl get svc cncc-iam-ingress-gateway -n cncc
    Output:
    NAME                                 TYPE           CLUSTER-IP          EXTERNAL-IP              PORT(S)             AGE
cncc-iam-ingress-gateway             LoadBalancer   xxxx:0:0:2::xxxx    xxxx:b400:605:xxx::3     30085:32556/TCP     5h8m