From aef71b2c6a7aef8d745bd18fee17b04ffb102d63 Mon Sep 17 00:00:00 2001 From: Mike Matera Date: Fri, 23 Aug 2024 13:57:37 -0700 Subject: [PATCH 1/2] Enable setting ipFamiles and ipFamilyPolicy --- jupyterhub/templates/proxy/service.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jupyterhub/templates/proxy/service.yaml b/jupyterhub/templates/proxy/service.yaml index 13321a0265..2d460ff03c 100644 --- a/jupyterhub/templates/proxy/service.yaml +++ b/jupyterhub/templates/proxy/service.yaml @@ -75,6 +75,15 @@ spec: {{- with .Values.proxy.service.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} + {{- with .Values.proxy.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ . }} + {{- end }} + {{- with .Values.proxy.service.ipFamilies }} + ipFamilies: + {{- range $family := . }} + - {{ $family }} + {{- end }} + {{- end }} {{- if eq .Values.proxy.service.type "LoadBalancer" }} {{- with .Values.proxy.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: From 8a1a5a69baf03722749d494b0d6b46d79fe1595a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 18 Sep 2024 12:51:23 +0200 Subject: [PATCH 2/2] Add config for k8s Services' ipFamilies and ipFamilyPolicy --- jupyterhub/templates/hub/service.yaml | 13 ++++++++++--- jupyterhub/templates/proxy/autohttps/service.yaml | 7 +++++++ jupyterhub/templates/proxy/service.yaml | 6 ++---- jupyterhub/values.schema.yaml | 12 ++++++++++++ jupyterhub/values.yaml | 2 ++ tools/templates/lint-and-validate-values.yaml | 7 +++++++ 6 files changed, 40 insertions(+), 7 deletions(-) diff --git a/jupyterhub/templates/hub/service.yaml b/jupyterhub/templates/hub/service.yaml index 13f80b58eb..b031d2ba54 100644 --- a/jupyterhub/templates/hub/service.yaml +++ b/jupyterhub/templates/hub/service.yaml @@ -19,9 +19,6 @@ metadata: {{- end }} spec: type: {{ .Values.hub.service.type }} - {{- with .Values.hub.service.loadBalancerIP }} - loadBalancerIP: {{ . }} - {{- end }} selector: {{- include "jupyterhub.matchLabels" . | nindent 4 }} ports: @@ -35,3 +32,13 @@ spec: {{- with .Values.hub.service.extraPorts }} {{- . | toYaml | nindent 4 }} {{- end }} + {{- with .Values.hub.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.hub.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ . }} + {{- end }} + {{- with .Values.hub.service.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 4 }} + {{- end }} diff --git a/jupyterhub/templates/proxy/autohttps/service.yaml b/jupyterhub/templates/proxy/autohttps/service.yaml index 615e36d5dc..3e2515ad18 100644 --- a/jupyterhub/templates/proxy/autohttps/service.yaml +++ b/jupyterhub/templates/proxy/autohttps/service.yaml @@ -22,4 +22,11 @@ spec: ports: - port: 8000 targetPort: http + {{- with .Values.proxy.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ . }} + {{- end }} + {{- with .Values.proxy.service.ipFamilies }} + ipFamilies: + {{- . | toYaml | nindent 4 }} + {{- end }} {{- end }} diff --git a/jupyterhub/templates/proxy/service.yaml b/jupyterhub/templates/proxy/service.yaml index 2d460ff03c..a03b6e4644 100644 --- a/jupyterhub/templates/proxy/service.yaml +++ b/jupyterhub/templates/proxy/service.yaml @@ -79,10 +79,8 @@ spec: ipFamilyPolicy: {{ . }} {{- end }} {{- with .Values.proxy.service.ipFamilies }} - ipFamilies: - {{- range $family := . }} - - {{ $family }} - {{- end }} + ipFamilies: + {{- . | toYaml | nindent 4 }} {{- end }} {{- if eq .Values.proxy.service.type "LoadBalancer" }} {{- with .Values.proxy.service.loadBalancerSourceRanges }} diff --git a/jupyterhub/values.schema.yaml b/jupyterhub/values.schema.yaml index 88b9f91336..519aab4bd0 100644 --- a/jupyterhub/values.schema.yaml +++ b/jupyterhub/values.schema.yaml @@ -1127,6 +1127,16 @@ properties: A public IP address the hub Kubernetes service should be exposed on. To expose the hub directly is not recommended. Instead route traffic through the proxy-public service towards the hub. + ipFamilyPolicy: &ipFamilyPolicy-spec + type: [string] + description: | + See the [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + for more info. + ipFamilies: &ipFamilies-spec + type: array + description: | + See the [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + for more info. pdb: &pdb-spec type: object @@ -1744,6 +1754,8 @@ properties: description: | A list of IP CIDR ranges that are allowed to access the load balancer service. Defaults to allowing everyone to access it. + ipFamilyPolicy: *ipFamilyPolicy-spec + ipFamilies: *ipFamilies-spec https: type: object additionalProperties: false diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index 78c8f37f4d..f9eda444ab 100644 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -43,6 +43,8 @@ hub: nodePort: extraPorts: [] loadBalancerIP: + ipFamilyPolicy: "" + ipFamilies: [] baseUrl: / cookieSecret: initContainers: [] diff --git a/tools/templates/lint-and-validate-values.yaml b/tools/templates/lint-and-validate-values.yaml index 2c6de57ab3..6c9d5a6157 100644 --- a/tools/templates/lint-and-validate-values.yaml +++ b/tools/templates/lint-and-validate-values.yaml @@ -70,6 +70,9 @@ hub: - name: dummy-port-2 port: 8182 targetPort: string-named-target-port + ipFamilyPolicy: SingleStack + ipFamilies: + - IPv4 baseUrl: / activeServerLimit: 3 deploymentStrategy: @@ -223,6 +226,10 @@ proxy: nodePorts: http: https: + ipFamilyPolicy: DualStack + ipFamilies: + - IPv4 + - IPv6 chp: revisionHistoryLimit: 1 extraCommandLineFlags: