awslabs · suket22 · Oct 6, 2021 · Jul 13, 2021 · Jul 21, 2021 · Jul 29, 2021
diff --git a/files/bootstrap.sh b/files/bootstrap.sh
@@ -27,6 +27,8 @@ function print_help {
     echo "--pause-container-account The AWS account (number) to pull the pause container from"
     echo "--pause-container-version The tag of the pause container"
     echo "--container-runtime Specify a container runtime (default: dockerd)"
+    echo "--ip-family Specify ip family of the cluster"
+    echo "--service-ipv6-cidr ipv6 cidr range of the cluster"
 }
 
 POSITIONAL=()
@@ -93,6 +95,16 @@ while [[ $# -gt 0 ]]; do
             shift
             shift
             ;;
+        --ip-family)
+            IP_FAMILY=$2
+            shift
+            shift
+            ;;
+        --service-ipv6-cidr)
+            SERVICE_IPV6_CIDR=$2
+            shift
+            shift
+            ;;
         *)    # unknown option
             POSITIONAL+=("$1") # save it in an array for later
             shift # past argument
@@ -116,6 +128,8 @@ API_RETRY_ATTEMPTS="${API_RETRY_ATTEMPTS:-3}"
 DOCKER_CONFIG_JSON="${DOCKER_CONFIG_JSON:-}"
 PAUSE_CONTAINER_VERSION="${PAUSE_CONTAINER_VERSION:-3.1-eksbuild.1}"
 CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-dockerd}"
+IP_FAMILY="${IP_FAMILY:-}"
+SERVICE_IPV6_CIDR="${SERVICE_IPV6_CIDR:-}"
 
 function get_pause_container_account_for_region () {
     local region="$1"
@@ -279,6 +293,25 @@ if [ -z "$CLUSTER_NAME" ]; then
     exit  1
 fi
 
+if [[ ! -z "${IP_FAMILY}" ]]; then
+  if [[ "${IP_FAMILY}" != "ipv4" ]] && [[ "${IP_FAMILY}" != "ipv6" ]] ; then
+        echo "Invalid IpFamily. Only ipv4 or ipv6 are allowed"
+        exit 1
+  fi
+
+  if [[ "${IP_FAMILY}" == "ipv6" ]] && [[ ! -z "${B64_CLUSTER_CA}" ]] && [[ ! -z "${APISERVER_ENDPOINT}" ]] && [[ -z "${SERVICE_IPV6_CIDR}" ]]; then
+        echo "Service Ipv6 Cidr must be provided when ip-family is specified as IPV6"
+        exit 1
+  fi
+fi
+
+if [[ ! -z "${SERVICE_IPV6_CIDR}" ]]; then
+     if [[ "${IP_FAMILY}" == "ipv4" ]]; then
+            echo "ip-family should be ipv6 when service-ipv6-cidr is specified"
+            exit 1
+      fi
+      IP_FAMILY="ipv6"
+fi
 
 TOKEN=$(get_token)
 AWS_DEFAULT_REGION=$(get_meta_data 'latest/dynamic/instance-identity/document' | jq .region -r)
@@ -317,7 +350,7 @@ if [[ -z "${B64_CLUSTER_CA}" ]] || [[ -z "${APISERVER_ENDPOINT}" ]]; then
             --region=${AWS_DEFAULT_REGION} \
             --name=${CLUSTER_NAME} \
             --output=text \
-            --query 'cluster.{certificateAuthorityData: certificateAuthority.data, endpoint: endpoint, kubernetesNetworkConfig: kubernetesNetworkConfig.serviceIpv4Cidr}' > $DESCRIBE_CLUSTER_RESULT || rc=$?
+            --query 'cluster.{certificateAuthorityData: certificateAuthority.data, endpoint: endpoint, serviceIpv4Cidr: kubernetesNetworkConfig.serviceIpv4Cidr, serviceIpv6Cidr: kubernetesNetworkConfig.serviceIpv6Cidr, clusterIpFamily: kubernetesNetworkConfig.ipFamily}' > $DESCRIBE_CLUSTER_RESULT || rc=$?
         if [[ $rc -eq 0 ]]; then
             break
         fi
@@ -329,8 +362,19 @@ if [[ -z "${B64_CLUSTER_CA}" ]] || [[ -z "${APISERVER_ENDPOINT}" ]]; then
         sleep $sleep_sec
     done
     B64_CLUSTER_CA=$(cat $DESCRIBE_CLUSTER_RESULT | awk '{print $1}')
-    APISERVER_ENDPOINT=$(cat $DESCRIBE_CLUSTER_RESULT | awk '{print $2}')
-    SERVICE_IPV4_CIDR=$(cat $DESCRIBE_CLUSTER_RESULT | awk '{print $3}')
+    APISERVER_ENDPOINT=$(cat $DESCRIBE_CLUSTER_RESULT | awk '{print $3}')
+    SERVICE_IPV4_CIDR=$(cat $DESCRIBE_CLUSTER_RESULT | awk '{print $4}')
+    SERVICE_IPV6_CIDR=$(cat $DESCRIBE_CLUSTER_RESULT | awk '{print $5}')
+fi
+
+if [[ -z "${IP_FAMILY}" ]]; then
+      IP_FAMILY=$(cat $DESCRIBE_CLUSTER_RESULT | awk '{print $2}')
+fi
+
+if [[ -z "${IP_FAMILY}" ]] || [[ "${IP_FAMILY}" == "None" ]]; then
+       ### this can happen when the ifFamily field is not found in describeCluster response
+       ### or B64_CLUSTER_CA and APISERVER_ENDPOINT are defined but IPFamily isn't
+       IP_FAMILY="ipv4"
 fi
 
 echo $B64_CLUSTER_CA | base64 -d > $CA_CERTIFICATE_FILE_PATH
@@ -340,12 +384,17 @@ sed -i s,MASTER_ENDPOINT,$APISERVER_ENDPOINT,g /var/lib/kubelet/kubeconfig
 sed -i s,AWS_REGION,$AWS_DEFAULT_REGION,g /var/lib/kubelet/kubeconfig
 ### kubelet.service configuration
 
+if [[ "${IP_FAMILY}" == "ipv6" ]]; then
+      DNS_CLUSTER_IP=$(awk -F/ '{print $1}' <<< $SERVICE_IPV6_CIDR)a
+fi
+
+MAC=$(get_meta_data 'latest/meta-data/network/interfaces/macs/' | head -n 1 | sed 's/\/$//')
+
 if [[ -z "${DNS_CLUSTER_IP}" ]]; then
   if [[ ! -z "${SERVICE_IPV4_CIDR}" ]] && [[ "${SERVICE_IPV4_CIDR}" != "None" ]] ; then
     #Sets the DNS Cluster IP address that would be chosen from the serviceIpv4Cidr. (x.y.z.10)
     DNS_CLUSTER_IP=${SERVICE_IPV4_CIDR%.*}.10
   else
-    MAC=$(get_meta_data 'latest/meta-data/network/interfaces/macs/' | head -n 1 | sed 's/\/$//')
     TEN_RANGE=$(get_meta_data "latest/meta-data/network/interfaces/macs/$MAC/vpc-ipv4-cidr-blocks" | grep -c '^10\..*' || true )
     DNS_CLUSTER_IP=10.100.0.10
     if [[ "$TEN_RANGE" != "0" ]]; then
@@ -359,7 +408,12 @@ fi
 KUBELET_CONFIG=/etc/kubernetes/kubelet/kubelet-config.json
 echo "$(jq ".clusterDNS=[\"$DNS_CLUSTER_IP\"]" $KUBELET_CONFIG)" > $KUBELET_CONFIG
 
-INTERNAL_IP=$(get_meta_data 'latest/meta-data/local-ipv4')
+if [[ "${IP_FAMILY}" == "ipv4" ]]; then
+     INTERNAL_IP=$(get_meta_data 'latest/meta-data/local-ipv4')
+else
+     INTERNAL_IP_URI=latest/meta-data/network/interfaces/macs/$MAC/ipv6s
+     INTERNAL_IP=$(get_meta_data $INTERNAL_IP_URI)
+fi
 INSTANCE_TYPE=$(get_meta_data 'latest/meta-data/instance-type')
 
 # Sets kubeReserved and evictionHard in /etc/kubernetes/kubelet/kubelet-config.json for worker nodes. The following two function