kic: plumb ip-family and ipv6 for docker bridge

Author: kartikjoshi21

pkg/drivers/kic/kic.go

@@ -89,6 +89,8 @@ func (d *Driver) Create() error {
 		OCIBinary:     d.NodeConfig.OCIBinary,
 		APIServerPort: d.NodeConfig.APIServerPort,
 		GPUs:          d.NodeConfig.GPUs,
+		IPFamily:      strings.ToLower(d.NodeConfig.IPFamily),
+		IPv6:          d.NodeConfig.StaticIPv6,
 	}
 	if params.Memory != "0" {
 		params.Memory += "mb"
@@ -99,40 +101,93 @@ func (d *Driver) Create() error {
 		networkName = d.NodeConfig.ClusterName
 	}
 	staticIP := d.NodeConfig.StaticIP
-	if gateway, err := oci.CreateNetwork(d.OCIBinary, networkName, d.NodeConfig.Subnet, staticIP); err != nil {
+	// NEW: create network with IPv6/dual awareness
+	gateway, err := oci.CreateNetworkWithIPFamily(
+		d.OCIBinary,
+		networkName,
+		d.NodeConfig.Subnet,
+		d.NodeConfig.Subnetv6, // NEW
+		staticIP,
+		d.NodeConfig.StaticIPv6, // NEW
+		params.IPFamily,         // NEW
+	)
+	if err != nil {
 		msg := "Unable to create dedicated network, this might result in cluster IP change after restart: {{.error}}"
 		args := out.V{"error": err}
 		if staticIP != "" {
 			exit.Message(reason.IfDedicatedNetwork, msg, args)
 		}
 		out.WarningT(msg, args)
-	} else if gateway != nil && staticIP != "" {
-		params.Network = networkName
-		params.IP = staticIP
-	} else if gateway != nil {
-		params.Network = networkName
-		ip := gateway.To4()
-		// calculate the container IP based on guessing the machine index
-		index := driver.IndexFromMachineName(d.NodeConfig.MachineName)
-		if int(ip[3])+index > 253 { // reserve last client ip address for multi-control-plane loadbalancer vip address in ha cluster
-			return fmt.Errorf("too many machines to calculate an IP")
+	}
+	// Always attach to the created user network (even if gateway is nil in IPv6-only)
+	params.Network = networkName
+
+	// Now decide static IPs per family
+	switch params.IPFamily {
+	case "ipv6":
+		if d.NodeConfig.StaticIPv6 != "" {
+			params.IPv6 = d.NodeConfig.StaticIPv6
+		}
+	case "dual":
+		// IPv4 part (only if Docker reported a v4 gateway)
+		if g4 := gateway.To4(); g4 != nil {
+			if staticIP != "" {
+				params.IP = staticIP
+			} else {
+				ip := make(net.IP, len(g4))
+				copy(ip, g4)
+				index := driver.IndexFromMachineName(d.NodeConfig.MachineName)
+				if int(ip[3])+index > 253 {
+					return fmt.Errorf("too many machines to calculate an IPv4")
+				}
+				ip[3] += byte(index)
+				klog.Infof("calculated static IPv4 %q for the %q container", ip.String(), d.NodeConfig.MachineName)
+				params.IP = ip.String()
+			}
+		}
+		if d.NodeConfig.StaticIPv6 != "" {
+			params.IPv6 = d.NodeConfig.StaticIPv6
+		}
+	default: // ipv4
+		if staticIP != "" {
+			params.IP = staticIP
+		} else if gateway != nil {
+			if g4 := gateway.To4(); g4 != nil {
+				ip := make(net.IP, len(g4))
+				copy(ip, g4)
+				index := driver.IndexFromMachineName(d.NodeConfig.MachineName)
+				if int(ip[3])+index > 253 {
+					return fmt.Errorf("too many machines to calculate an IP")
+				}
+				ip[3] += byte(index)
+				klog.Infof("calculated static IP %q for the %q container", ip.String(), d.NodeConfig.MachineName)
+				params.IP = ip.String()
+			}
 		}
-		ip[3] += byte(index)
-		klog.Infof("calculated static IP %q for the %q container", ip.String(), d.NodeConfig.MachineName)
-		params.IP = ip.String()
 	}
 	drv := d.DriverName()
-
+	// Default listen address: v4 localhost for ipv4, v6 localhost for ipv6-only
 	listAddr := oci.DefaultBindIPV4
+	// IPv6-only clusters must publish on IPv6 loopback so the host can reach them
+	if params.IPFamily == "ipv6" {
+		listAddr = "::1"
+	}
+
 	if d.NodeConfig.ListenAddress != "" && d.NodeConfig.ListenAddress != listAddr {
 		out.Step(style.Tip, "minikube is not meant for production use. You are opening non-local traffic")
 		out.WarningT("Listening to {{.listenAddr}}. This is not recommended and can cause a security vulnerability. Use at your own risk",
 			out.V{"listenAddr": d.NodeConfig.ListenAddress})
 		listAddr = d.NodeConfig.ListenAddress
 	} else if oci.IsExternalDaemonHost(drv) {
-		out.WarningT("Listening to 0.0.0.0 on external docker host {{.host}}. Please be advised",
-			out.V{"host": oci.DaemonHost(drv)})
-		listAddr = "0.0.0.0"
+		if params.IPFamily == "ipv6" {
+			out.WarningT("Listening to :: on external docker host {{.host}}. Please be advised",
+				out.V{"host": oci.DaemonHost(drv)})
+			listAddr = "::"
+		} else {
+			out.WarningT("Listening to 0.0.0.0 on external docker host {{.host}}. Please be advised",
+				out.V{"host": oci.DaemonHost(drv)})
+			listAddr = "0.0.0.0"
+		}
 	}
 
 	// control plane specific options
@@ -293,18 +348,38 @@ func (d *Driver) DriverName() string {
 
 // GetIP returns an IP or hostname that this host is available at
 func (d *Driver) GetIP() (string, error) {
-	ip, _, err := oci.ContainerIPs(d.OCIBinary, d.MachineName)
-	return ip, err
+	ip4, ip6, err := oci.ContainerIPs(d.OCIBinary, d.MachineName)
+	if err != nil {
+		return "", err
+	}
+	switch strings.ToLower(d.NodeConfig.IPFamily) {
+	case "ipv6":
+		if ip6 != "" {
+			return ip6, nil
+		}
+	}
+	// default / dual prefers IPv4 for backward compat
+	return ip4, nil
 }
 
 // GetExternalIP returns an IP which is accessible from outside
 func (d *Driver) GetExternalIP() (string, error) {
-	return oci.DaemonHost(d.DriverName()), nil
+	host := oci.DaemonHost(d.DriverName())
+	// For local daemons and IPv6-only clusters, ports are published on ::1
+	if strings.ToLower(d.NodeConfig.IPFamily) == "ipv6" && !oci.IsExternalDaemonHost(d.DriverName()) {
+		return "::1", nil
+	}
+	return host, nil
 }
 
 // GetSSHHostname returns hostname for use with ssh
 func (d *Driver) GetSSHHostname() (string, error) {
-	return oci.DaemonHost(d.DriverName()), nil
+	host := oci.DaemonHost(d.DriverName())
+	// For local daemons and IPv6-only clusters, ports are published on ::1
+	if strings.ToLower(d.NodeConfig.IPFamily) == "ipv6" && !oci.IsExternalDaemonHost(d.DriverName()) {
+		return "::1", nil
+	}
+	return host, nil
 }
 
 // GetSSHPort returns port for use with ssh

pkg/drivers/kic/oci/network.go

@@ -88,13 +88,41 @@ func RoutableHostIPFromInside(ociBin string, clusterName string, containerName s
 // digDNS will get the IP record for a dns
 func digDNS(ociBin, containerName, dns string) (net.IP, error) {
 	rr, err := runCmd(exec.Command(ociBin, "exec", "-t", containerName, "dig", "+short", dns))
-	ip := net.ParseIP(strings.TrimSpace(rr.Stdout.String()))
 	if err != nil {
-		return ip, errors.Wrapf(err, "resolve dns to ip")
+		// still try to parse whatever output we got
+		klog.Infof("dig returned error, attempting to parse output anyway: %v", err)
 	}
-
-	klog.Infof("got host ip for mount in container by digging dns: %s", ip.String())
-	return ip, nil
+	out := strings.TrimSpace(rr.Stdout.String())
+	if out == "" {
+		return nil, errors.Wrapf(err, "resolve dns to ip")
+	}
+	// Parse line-by-line. On non-Linux (Docker Desktop), prefer IPv4 for better routability.
+	var firstIP net.IP
+	for _, line := range strings.Split(out, "\n") {
+		s := strings.TrimSpace(line)
+		if s == "" {
+			continue
+		}
+		ip := net.ParseIP(s)
+		if ip == nil {
+			continue
+		}
+		if runtime.GOOS != "linux" && ip.To4() == nil {
+			// Prefer IPv4 on Desktop; keep looking for an A record
+			if firstIP == nil {
+				firstIP = ip
+			}
+			continue
+		}
+		klog.Infof("got host ip for mount in container by digging dns: %s", ip.String())
+		return ip, nil
+	}
+	// Fallback: return first valid IP if only AAAA answers were present
+	if firstIP != nil {
+		klog.Infof("got host ip for mount in container by digging dns (first match): %s", firstIP.String())
+		return firstIP, nil
+	}
+	return nil, errors.New("no A/AAAA answers returned by dig")
 }
 
 // gatewayIP inspects oci container to find a gateway IP string
@@ -107,6 +135,14 @@ func gatewayIP(ociBin, containerName string) (string, error) {
 		return gatewayIP, nil
 	}
 
+	// Fallback to IPv6 gateway (needed for IPv6-only / dual-stack)
+	rr6, err6 := runCmd(exec.Command(ociBin, "container", "inspect", "--format", "{{.NetworkSettings.IPv6Gateway}}", containerName))
+	if err6 == nil {
+		if gatewayIP6 := strings.TrimSpace(rr6.Stdout.String()); gatewayIP6 != "" {
+			return gatewayIP6, nil
+		}
+	}
+
 	// https://github.com/kubernetes/minikube/issues/11293
 	// need to check nested network
 	// check .NetworkSettings.Networks["cluster-name"].Gateway and then
@@ -126,16 +162,24 @@ func gatewayIP(ociBin, containerName string) (string, error) {
 }
 
 func networkGateway(ociBin, container, network string) (string, error) {
-	format := fmt.Sprintf(`
-{{ if index .NetworkSettings.Networks %q}} 
-	{{(index .NetworkSettings.Networks %q).Gateway}}
-{{ end }}
-`, network, network)
-	rr, err := runCmd(exec.Command(ociBin, "container", "inspect", "--format", format, container))
+	// First try IPv4 gateway on the specific network
+	format4 := fmt.Sprintf(`{{ if index .NetworkSettings.Networks %q}}{{(index .NetworkSettings.Networks %q).Gateway}}{{ end }}`, network, network)
+	rr, err := runCmd(exec.Command(ociBin, "container", "inspect", "--format", format4, container))
 	if err != nil {
 		return "", errors.Wrapf(err, "inspect gateway")
 	}
-	return strings.TrimSpace(rr.Stdout.String()), nil
+
+	gw := strings.TrimSpace(rr.Stdout.String())
+	if gw != "" {
+		return gw, nil
+	}
+	// Fallback to IPv6 gateway
+	format6 := fmt.Sprintf(`{{ if index .NetworkSettings.Networks %q}}{{(index .NetworkSettings.Networks %q).IPv6Gateway}}{{ end }}`, network, network)
+	rr6, err := runCmd(exec.Command(ociBin, "container", "inspect", "--format", format6, container))
+	if err != nil {
+		return "", errors.Wrapf(err, "inspect ipv6 gateway")
+	}
+	return strings.TrimSpace(rr6.Stdout.String()), nil
 }
 
 // containerGatewayIP gets the default gateway ip for the container
@@ -188,9 +232,8 @@ func ForwardedPort(ociBin string, ociID string, contPort int) (int, error) {
 	o := strings.TrimSpace(rr.Stdout.String())
 	o = strings.Trim(o, "'")
 	p, err := strconv.Atoi(o)
-
 	if err != nil {
-		return p, errors.Wrapf(err, "convert host-port %q to number", p)
+		return 0, errors.Wrapf(err, "convert host-port %q to number", o)
 	}
 
 	return p, nil