Update DHCP broadcast interface handling:

Use 127.1.1.1/32 for the DHCP broadcast interface
instead of the load balancer IP. Using the load balancer
IP can cause instability with that address and routing
to Kubernetes services.

Make the DHCP broadcast interface name static. The dynamic
number added to the name Helm to restarts on every Helm deploy.

Add ipvlan support for the DHCP broadcast interface. This allows
deployment where creating and broadcasting a new mac address is
prohibited. Vmware for example.

Signed-off-by: Jacob Weinstock <[email protected]>

tinkerbell/stack/templates/nginx.yaml

@@ -1,6 +1,11 @@
 {{- if .Values.stack.enabled }}
 {{- $sourceInterface := .Values.stack.relay.sourceInterface -}}
-{{- $macvlanInterfaceName := printf "%s%s" "macvlan" (randNumeric 2) -}}
+{{- if eq .Values.stack.relay.interfaceMode "ipvlan" -}}
+{{- $dhcpInterfaceType := "ipvlan" -}}
+{{- else -}}
+{{- $dhcpInterfaceType := "macvlan" -}}
+{{- end -}}
+{{- $dhcpInterfaceName := printf "%s0" $dhcpInterfaceType -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -74,7 +79,7 @@ spec:
         {{- end }}
       - name: {{ .Values.stack.relay.name }}
         image: {{ .Values.stack.relay.image }}
-        args: ["-m", "{{ .Values.stack.relay.presentGiaddrAction }}", "-c", "{{ .Values.stack.relay.maxHopCount }}", "-id", "{{ $macvlanInterfaceName }}", "-iu", "eth0", "-U", "eth0", "smee.{{ .Release.Namespace }}.svc.{{ .Values.stack.clusterDomain }}."]
+        args: ["-m", "{{ .Values.stack.relay.presentGiaddrAction }}", "-c", "{{ .Values.stack.relay.maxHopCount }}", "-id", "{{ $dhcpInterfaceName }}", "-iu", "eth0", "-U", "eth0", "smee.{{ .Release.Namespace }}.svc.{{ .Values.stack.clusterDomain }}."]
         ports:
         - containerPort: 67
           protocol: UDP
@@ -119,14 +124,18 @@ spec:
               srcInterface=$(nsenter -t1 -n ip route | awk '/default/ {print $5}' | head -n1)
             fi
             # Create a macvlan interface. TODO: If this fails, try again with a different name?
-            nsenter -t1 -n ip link add {{ $macvlanInterfaceName }} link ${srcInterface} type macvlan mode bridge
+            {{- if eq $dhcpInterfaceType "ipvlan" }}
+            nsenter -t1 -n ip link add {{ $dhcpInterfaceName }} link ${srcInterface} type ipvlan mode l2
+            {{- else }}
+            nsenter -t1 -n ip link add {{ $dhcpInterfaceName }} link ${srcInterface} type macvlan mode bridge
+            {{- end }}
             # Move the interface into the POD.
             pid=$(echo $$)
-            nsenter -t1 -n ip link set {{ $macvlanInterfaceName }} netns ${pid} || nsenter -t1 -n ip link delete {{ $macvlanInterfaceName }}
+            nsenter -t1 -n ip link set {{ $dhcpInterfaceName }} netns ${pid} || nsenter -t1 -n ip link delete {{ $dhcpInterfaceName }}
             # Set the macvlan interface up
-            ip link set {{ $macvlanInterfaceName }} up
+            ip link set {{ $dhcpInterfaceName }} up
             # Set the IP address
-            ip addr add {{ .Values.stack.loadBalancerIP }}/32 dev {{ $macvlanInterfaceName }} noprefixroute
+            ip addr add 127.1.1.1/32 dev {{ $dhcpInterfaceName }} noprefixroute
         image: alpine
         securityContext:
           privileged: true

tinkerbell/stack/values.yaml

@@ -26,7 +26,7 @@ stack:
   kubevip:
     enabled: true
     name: kube-vip
-    image: ghcr.io/kube-vip/kube-vip:v0.6.3
+    image: ghcr.io/kube-vip/kube-vip:v0.7.2
     imagePullPolicy: IfNotPresent
     roleName: kube-vip-role
     roleBindingName: kube-vip-rolebinding
@@ -50,6 +50,9 @@ stack:
     # When unset, the interface from the default route will be used.
     # sourceInterface: eno1
     # TODO(jacobweinstock): add feature to be able to disable listening for broadcast traffic.
+    # interfaceMode determines how we create the interface needed to listen for DHCP broadcast traffic.
+    # by default macvlan is used. ipvlan is the only other option.
+    # interfaceMode: ipvlan
 
 # -- Overrides
 # The values defined here override those in the individual charts. Some of them require tweaking