NE-6425 - Support for IPv6 (#138)

.gitignore

@@ -2,4 +2,5 @@ cloudify-manager-worker/caas-policies/
 cloudify-manager-worker/certs
 cloudify-manager-worker/scripts
 cloudify-manager-worker/charts/
+cloudify-services/charts/
 values-override.yaml

Makefile

@@ -8,6 +8,13 @@ dev-cluster:
 	kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
 .PHONY: dev-cluster
 
+dev-cluster-ipv6:
+	kind create cluster --config "dev-cluster/kind-config-ipv6.yaml"
+	kubectl apply -f dev-cluster/deploy-ipv6.yaml
+	# opt out of online validation, kind won't have access to the internet necessarily
+	kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
+.PHONY: dev-cluster-ipv6
+
 regcred:
 	dev-cluster/aws_regcred.sh
 .PHONY: regcred
@@ -38,4 +45,7 @@ load-images:
 deploy:
 	dev-cluster/default_values_override.sh
 	helm install cloudify-services ./cloudify-services --values values-override.yaml
+deploy-ipv6:
+	dev-cluster/default_values_override.sh
+	helm install cloudify-services ./cloudify-services --values values-override.yaml --values cloudify-services/values-ipv6.yaml
 .PHONY: deploy

cloudify-services/nginx-configs/templates/default.conf.template

@@ -45,6 +45,7 @@ map $http_upgrade $connection_upgrade {
 # REST and UI external server
 server {
   listen              443 ssl http2;
+  listen              [::]:443 ssl http2;
   server_name         _;
 
   ssl_certificate     /etc/cloudify/ssl/cloudify_external_cert.pem;
@@ -65,6 +66,7 @@ server {
 # this easy mode of accessing the manager (especially using cfy).
 server {
   listen              80;
+  listen              [::]:80;
   server_name         _;
 
   {{ if .Values.nginx.rate_limit.enabled }}
@@ -81,6 +83,7 @@ server {
 # REST and UI internal server - always SSL enabled
 server {
   listen              53333 ssl default_server http2;
+  listen              [::]:53333 ssl default_server http2;
 
   server_name         _;
 

cloudify-services/templates/rest-service.yaml

@@ -174,6 +174,8 @@ spec:
             {{- end }}
             - name: RUNTIME_ENVIRONMENT
               value: "k8s"
+            - name: BIND_HOST
+              value: "[::]"
           securityContext:
             allowPrivilegeEscalation: false
             runAsNonRoot: true

cloudify-services/templates/stage-backend.yaml

@@ -24,6 +24,8 @@ spec:
               value: http
             - name: RESTSERVICE_PORT
               value: "80"
+            - name: LISTEN_HOST
+              value: "::"
           image: {{ .Values.stage_backend.image }}
           imagePullPolicy: {{ .Values.stage_backend.imagePullPolicy }}
           securityContext:

cloudify-services/values-ipv6.yaml

@@ -0,0 +1,27 @@
+rabbitmq:
+  replicaCount: 1
+  initContainers:
+    - name: ipv6-init
+      image: "docker.io/busybox:1.33.1"
+      imagePullPolicy: IfNotPresent
+      volumeMounts:
+      - name: ipv6-cfg
+        mountPath: /ipv6
+      command: ['sh', '-c', 'echo "{inet6, true}." > /ipv6/erl_inetrc']
+  extraVolumes:
+    - name: ipv6-cfg
+      emptyDir: {}
+  extraVolumeMounts:
+    - name: ipv6-cfg
+      mountPath: /ipv6
+  extraEnvVars:
+    - name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS
+      value: "-kernel inetrc '/ipv6/erl_inetrc' -proto_dist inet6_tcp"
+    - name: RABBITMQ_CTL_ERL_ARGS
+      value: "-proto_dist inet6_tcp"
+  extraConfiguration: |-
+    management.ssl.ip         = ::
+    management.ssl.port       = 15671
+    management.ssl.cacertfile = /opt/bitnami/rabbitmq/certs/ca_certificate.pem
+    management.ssl.certfile   = /opt/bitnami/rabbitmq/certs/server_certificate.pem
+    management.ssl.keyfile    = /opt/bitnami/rabbitmq/certs/server_key.pem