fritzlab-public/flock
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

defaults: built-in baseline is dual-stack (IPv6 + IPv4), not IPv6-only
Build flock Image / build (push) Has been cancelled
Details

Browse Source 
BuiltinFamilyDefaults() now returns {WantV6: true, WantV4: true}. Pods
that want a single family explicitly opt out via the
flock.fritzlab.net/ipv4 (or ipv6) annotation, or the operator narrows
the default at the node level via NodeConfig.Spec.Defaults.

Annotation precedence is unchanged: pod annotation > NodeConfig defaults
> built-in baseline. Tests updated to reflect the new baseline; the
"opt out of v4" path now has explicit coverage.

Docs updated:
  - NodeConfig.Spec.Defaults Go doc + CRD descriptions reflect the new
    baseline and its overrides
  - README opening framing softened from "IPv6-first" to "dual-stack,
    IPv6-friendly"; example pods + spec.defaults table flipped to
    treat dual-stack as the default and v6/v4-only as overrides
  - README NetworkPolicy line in the comparison table flipped to
    "yes (nftables)" since v1 enforcement shipped
  - Limitations note about IPv4-only destinations rewritten — every
    pod has v4 by default now, so the question is whether your IPv4
    pool is routable beyond your network

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Donavan Fritz
2026-04-25 10:07:48 -05:00
parent a7dc7bf1f4
commit a6202a36bd
7 changed files with 76 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/v1alpha1/nodeconfig_types.go
+6 -6
View File
@@ -35,13 +35,13 @@ type NodeConfigSpec struct {
// always override these defaults.
//
// When a field is unset (nil), the agent falls back to its built-in
// baseline of IPv6=true, IPv4=false. When the whole Defaults block is
// nil, both built-in defaults apply.
// baseline of IPv6=true, IPv4=true (dual-stack). When the whole Defaults
// block is nil, both built-in defaults apply.
//
// Typical uses:
// - dual-stack node: Defaults: { ipv6: true, ipv4: true }
// - IPv4-only node: Defaults: { ipv6: false, ipv4: true }
// - default (omit Defaults entirely): IPv6-only.
// - dual-stack node (built-in default): omit Defaults entirely.
// - IPv6-only node: Defaults: { ipv6: true, ipv4: false }
// - IPv4-only node: Defaults: { ipv6: false, ipv4: true }
//
// Validation: at least one of IPv6 or IPv4 must end up true after merging
// (annotations + defaults + built-in baseline). The agent rejects pods
@@ -58,7 +58,7 @@ type FamilyDefaults struct {
IPv6 *bool `json:"ipv6,omitempty"`
// IPv4 is the default value for the `flock.fritzlab.net/ipv4` annotation.
// nil → fall back to the built-in baseline (false).
// nil → fall back to the built-in baseline (true).
IPv4 *bool `json:"ipv4,omitempty"`
}