tigera · rene-dekker · Nov 20, 2023 · Oct 26, 2023 · Nov 20, 2023 · Nov 20, 2023
@@ -152,12 +152,20 @@ func validateCustomResource(instance *operatorv1.Installation) error {
 			}
 		}
 
+		if bpfDataplane && v4pool != nil && v6pool != nil {
+			return fmt.Errorf("bpf dataplane does not support dual stack")
+		}
+
 		if v4pool != nil {
 			_, cidr, err := net.ParseCIDR(v4pool.CIDR)
 			if err != nil {
 				return fmt.Errorf("ipPool.CIDR(%s) is invalid: %s", v4pool.CIDR, err)
 			}
 
+			if bpfDataplane && instance.Spec.CalicoNetwork.NodeAddressAutodetectionV4 == nil {
+				return fmt.Errorf("spec.calicoNetwork.nodeAddressAutodetectionV4 is required for the BPF dataplane")
+			}
+
 			if instance.Spec.CNI.Type == operatorv1.PluginCalico {
 				switch instance.Spec.CNI.IPAM.Type {
 				case operatorv1.IPAMPluginCalico:
@@ -240,8 +248,8 @@ func validateCustomResource(instance *operatorv1.Installation) error {
 				return fmt.Errorf("IPIP encapsulation is not supported by IPv6 pools, but it is set for %s", v6pool.CIDR)
 			}
 
-			if bpfDataplane {
-				return fmt.Errorf("IPv6 IP pool is specified but eBPF mode does not support IPv6")
+			if bpfDataplane && instance.Spec.CalicoNetwork.NodeAddressAutodetectionV6 == nil {
+				return fmt.Errorf("spec.calicoNetwork.nodeAddressAutodetectionV6 is required for the BPF dataplane")
 			}
 
 			// Verify NAT outgoing values.
@@ -291,10 +299,6 @@ func validateCustomResource(instance *operatorv1.Installation) error {
 			}
 		}
 
-		if bpfDataplane && instance.Spec.CalicoNetwork.NodeAddressAutodetectionV4 == nil {
-			return fmt.Errorf("spec.calicoNetwork.nodeAddressAutodetectionV4 is required for the BPF dataplane")
-		}
-
 		if instance.Spec.CalicoNetwork.NodeAddressAutodetectionV4 != nil {
 			err := validateNodeAddressDetection(instance.Spec.CalicoNetwork.NodeAddressAutodetectionV4)
 			if err != nil {

@@ -74,7 +74,7 @@ var _ = Describe("Installation validation tests", func() {
 		Expect(err).NotTo(HaveOccurred())
 	})
 
-	It("should prevent IPv6 if BPF is enabled", func() {
+	It("should allow IPv6 if BPF is enabled", func() {
 		bpf := operator.LinuxDataplaneBPF
 		instance.Spec.CalicoNetwork.LinuxDataplane = &bpf
 		instance.Spec.CalicoNetwork.IPPools = []operator.IPPool{
@@ -85,8 +85,38 @@ var _ = Describe("Installation validation tests", func() {
 				NodeSelector:  "all()",
 			},
 		}
+		instance.Spec.CalicoNetwork.NodeAddressAutodetectionV6 = &operator.NodeAddressAutodetection{
+			CanReach: "2001:4860:4860::8888",
+		}
+		err := validateCustomResource(instance)
+		Expect(err).To(BeNil())
+	})
+
+	It("should not allow dual stack (both IPv4 and IPv6) if BPF is enabled", func() {
+		bpf := operator.LinuxDataplaneBPF
+		instance.Spec.CalicoNetwork.LinuxDataplane = &bpf
+		instance.Spec.CalicoNetwork.IPPools = []operator.IPPool{
+			{
+				CIDR:          "1eef::/64",
+				NATOutgoing:   operator.NATOutgoingEnabled,
+				Encapsulation: operator.EncapsulationNone,
+				NodeSelector:  "all()",
+			},
+			{
+				CIDR:          "192.168.0.0/27",
+				Encapsulation: operator.EncapsulationNone,
+				NATOutgoing:   operator.NATOutgoingEnabled,
+				NodeSelector:  "all()",
+			},
+		}
+		instance.Spec.CalicoNetwork.NodeAddressAutodetectionV6 = &operator.NodeAddressAutodetection{
+			CanReach: "2001:4860:4860::8888",
+		}
+		instance.Spec.CalicoNetwork.NodeAddressAutodetectionV4 = &operator.NodeAddressAutodetection{
+			CanReach: "8.8.8.8",
+		}
 		err := validateCustomResource(instance)
-		Expect(err).To(MatchError("IPv6 IP pool is specified but eBPF mode does not support IPv6"))
+		Expect(err).To(MatchError("bpf dataplane does not support dual stack"))
 	})
 
 	It("should allow IPv6 VXLAN", func() {