From a00845f454201e50666c0fbd51656e13245d31cf Mon Sep 17 00:00:00 2001 From: Jacob Weinstock Date: Thu, 28 Mar 2024 08:31:14 -0600 Subject: [PATCH] Update DHCP broadcast interface handling: Use 127.1.1.1/32 for the DHCP broadcast interface instead of the load balancer IP. Using the load balancer IP can cause instability with that address and routing to Kubernetes services. Make the DHCP broadcast interface name static. The dynamic number added to the name Helm to restarts on every Helm deploy. Add ipvlan support for the DHCP broadcast interface. This allows deployment where creating and broadcasting a new mac address is prohibited. Vmware for example. Signed-off-by: Jacob Weinstock
---
 tinkerbell/stack/templates/nginx.yaml | 21 +++++++++++++++------ tinkerbell/stack/values.yaml | 5 ++++- 2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/tinkerbell/stack/templates/nginx.yaml b/tinkerbell/stack/templates/nginx.yaml
index 96008bcb..09ab99da 100644
--- a/tinkerbell/stack/templates/nginx.yaml
+++ b/tinkerbell/stack/templates/nginx.yaml
@@ -1,6 +1,11 @@
 {{- if .Values.stack.enabled }}
 {{- $sourceInterface := .Values.stack.relay.sourceInterface -}}
-{{- $macvlanInterfaceName := printf "%s%s" "macvlan" (randNumeric 2) -}}
+{{- if eq .Values.stack.relay.interfaceMode "ipvlan" -}}
+{{- $dhcpInterfaceType := "ipvlan" -}}
+{{- else -}}
+{{- $dhcpInterfaceType := "macvlan" -}}
+{{- end -}}
+{{- $dhcpInterfaceName := printf "%s0" $dhcpInterfaceType -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
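Review bot: `$dhcpInterfaceType` is declared with `:=` inside the `if`/`else` branches, and a Go-template variable's scope ends at the `end` of the block that declares it, so the `printf "%s0" $dhcpInterfaceType` line after `{{- end -}}` (and the `eq $dhcpInterfaceType "ipvlan"` test in the init-container hunk) refers to an undefined variable and the chart should fail to parse. Declare it once before the conditional with `{{- $dhcpInterfaceType := "macvlan" -}}`, then reassign inside it: `{{- if eq (default "macvlan" .Values.stack.relay.interfaceMode) "ipvlan" -}}{{- $dhcpInterfaceType = "ipvlan" -}}{{- end -}}`. The `default` also covers an unset `interfaceMode`, which is how values.yaml ships it (only a commented example). Any value other than `ipvlan` silently selects macvlan; a `fail` on unknown modes would surface a typo before the privileged init container creates the wrong link type on a host where macvlan is prohibited.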
@@ -74,7 +79,7 @@ spec:
 {{- end }}
 - name: {{ .Values.stack.relay.name }}
 image: {{ .Values.stack.relay.image }}
- args: ["-m", "{{ .Values.stack.relay.presentGiaddrAction }}", "-c", "{{ .Values.stack.relay.maxHopCount }}", "-id", "{{ $macvlanInterfaceName }}", "-iu", "eth0", "-U", "eth0", "smee.{{ .Release.Namespace }}.svc.{{ .Values.stack.clusterDomain }}."]
+ args: ["-m", "{{ .Values.stack.relay.presentGiaddrAction }}", "-c", "{{ .Values.stack.relay.maxHopCount }}", "-id", "{{ $dhcpInterfaceName }}", "-iu", "eth0", "-U", "eth0", "smee.{{ .Release.Namespace }}.svc.{{ .Values.stack.clusterDomain }}."]
 ports:
 - containerPort: 67
 protocol: UDP
@@ -119,14 +124,18 @@ spec:
 srcInterface=$(nsenter -t1 -n ip route | awk '/default/ {print $5}' | head -n1)
 fi
 # Create a macvlan interface. TODO: If this fails, try again with a different name?
+ {{- if eq $dhcpInterfaceType "ipvlan" }}
- nsenter -t1 -n ip link add {{ $macvlanInterfaceName }} link ${srcInterface} type macvlan mode bridge
+ nsenter -t1 -n ip link add {{ $dhcpInterfaceName }} link ${srcInterface} type ipvlan mode l2
+ {{- else }}
+ nsenter -t1 -n ip link add {{ $dhcpInterfaceName }} link ${srcInterface} type macvlan mode bridge
+ {{- end }}
 # Move the interface into the POD.
 pid=$(echo $$)
- nsenter -t1 -n ip link set {{ $macvlanInterfaceName }} netns ${pid} || nsenter -t1 -n ip link delete {{ $macvlanInterfaceName }}
+ nsenter -t1 -n ip link set {{ $dhcpInterfaceName }} netns ${pid} || nsenter -t1 -n ip link delete {{ $dhcpInterfaceName }}
 # Set the macvlan interface up
- ip link set {{ $macvlanInterfaceName }} up
+ ip link set {{ $dhcpInterfaceName }} up
 # Set the IP address
- ip addr add {{ .Values.stack.loadBalancerIP }}/32 dev {{ $macvlanInterfaceName }} noprefixroute
+ ip addr add 127.1.1.1/32 dev {{ $dhcpInterfaceName }} noprefixroute
 image: alpine
 securityContext:
 privileged: true
diff --git a/tinkerbell/stack/values.yaml b/tinkerbell/stack/values.yaml
index d2e36e0e..fbba74ad 100644
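Review bot: With the name now fixed to `macvlan0` or `ipvlan0`, the `ip link add` in the host network namespace collides with any link of that generic name already on the node, and the following `ip link set … netns ${pid} || … ip link delete …` would then move or delete that pre-existing host interface from a `privileged: true` container. Whether the script aborts first depends on shell options set outside this hunk, so it is worth failing explicitly before the add, e.g. `nsenter -t1 -n ip link show {{ $dhcpInterfaceName }} >/dev/null 2>&1 && { echo "{{ $dhcpInterfaceName }} already exists on host" >&2; exit 1; }`. A chart-specific name prefix would also make a clash with an unrelated interface less likely. The comments `# Create a macvlan interface` and `# Set the macvlan interface up` are stale in ipvlan mode and could read `# Create the DHCP broadcast interface (macvlan or ipvlan)`. The script starts above this hunk.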
--- a/tinkerbell/stack/values.yaml +++ b/tinkerbell/stack/values.yaml @@ -26,7 +26,7 @@ stack: kubevip: enabled: true name: kube-vip - image: ghcr.io/kube-vip/kube-vip:v0.6.3 + image: ghcr.io/kube-vip/kube-vip:v0.7.2 imagePullPolicy: IfNotPresent roleName: kube-vip-role roleBindingName: kube-vip-rolebinding @@ -50,6 +50,9 @@ stack: # When unset, the interface from the default route will be used. # sourceInterface: eno1 # TODO(jacobweinstock): add feature to be able to disable listening for broadcast traffic. + # interfaceMode determines how we create the interface needed to listen for DHCP broadcast traffic. + # by default macvlan is used. ipvlan is the only other option. + # interfaceMode: ipvlan # -- Overrides # The values defined here override those in the individual charts. Some of them require tweaking