From c698790122a67c31bfbf31624dddf930cdb0317e Mon Sep 17 00:00:00 2001
From: anders-elastisys <112394389+anders-elastisys@users.noreply.github.com>
Date: Tue, 6 Feb 2024 08:14:22 +0100
Subject: [PATCH] add nat_outgoing_ipv6 to calico defaults and docs (#10866)

---
 docs/calico.md | 10 +++++++++-
 .../sample/group_vars/k8s_cluster/k8s-net-calico.yml | 1 +
 roles/network_plugin/calico_defaults/defaults/main.yml | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/docs/calico.md b/docs/calico.md
index ce9432caf..fb9ab06f8 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -222,6 +222,14 @@ calico_node_livenessprobe_timeout: 10
 calico_node_readinessprobe_timeout: 10
 ```
 
+### Optional : Enable NAT with IPv6
+
+To allow outgoing IPv6 traffic going from pods to the Internet, enable the following:
+
+```yml
+nat_outgoing_ipv6: true # NAT outgoing ipv6 (default value: false).
+```
+
 ## Config encapsulation for cross server traffic
 
 Calico supports two types of encapsulation: [VXLAN and IP in IP](https://docs.projectcalico.org/v3.11/networking/vxlan-ipip). VXLAN is the more mature implementation and enabled by default, please check your environment if you need *IP in IP* encapsulation.
@@ -235,7 +243,7 @@ If you are running your cluster with the default calico settings and are upgradi
 * perform a manual migration to vxlan before upgrading kubespray (see migrating from IP in IP to VXLAN below)
 * pin the pre-2.19 settings in your ansible inventory (see IP in IP mode settings below)
 
-**Note:**: Vxlan in ipv6 only supported when kernel >= 3.12. So if your kernel version < 3.12, Please don't set `calico_vxlan_mode_ipv6: vxlanAlways`. More details see [#Issue 6877](https://github.com/projectcalico/calico/issues/6877).
+**Note:**: Vxlan in ipv6 only supported when kernel >= 3.12. So if your kernel version < 3.12, Please don't set `calico_vxlan_mode_ipv6: Always`. More details see [#Issue 6877](https://github.com/projectcalico/calico/issues/6877).
 
 ### IP in IP mode
 
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
index cc0499d00..c1cc3dd7d 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
@@ -11,6 +11,7 @@ calico_cni_name: k8s-pod-network
 
 # Enables Internet connectivity from containers
 # nat_outgoing: true
+# nat_outgoing_ipv6: false
 
 # Enables Calico CNI "host-local" IPAM plugin
 # calico_ipam_host_local: true
diff --git a/roles/network_plugin/calico_defaults/defaults/main.yml b/roles/network_plugin/calico_defaults/defaults/main.yml
index 8e716498b..8b909f021 100644
--- a/roles/network_plugin/calico_defaults/defaults/main.yml
+++ b/roles/network_plugin/calico_defaults/defaults/main.yml
@@ -4,6 +4,7 @@ calico_cni_name: k8s-pod-network
 
 # Enables Internet connectivity from containers
 nat_outgoing: true
+nat_outgoing_ipv6: false
 
 # add default ippool name
 calico_pool_name: "default-pool"
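Review bot: In roles/network_plugin/calico_defaults/defaults/main.yml the new `nat_outgoing_ipv6: false` sits directly under the existing comment "Enables Internet connectivity from containers", so that comment now appears to describe both variables although their defaults are opposite; the commented sample line added to k8s-net-calico.yml has the same problem. I would give the new key its own comment in both files, for example `# NAT outgoing IPv6 pod traffic; off by default, so IPv6 pods keep their own source address on egress`. The patch changes no task or template, so where the variable is consumed is not visible here; it is worth confirming that the consumer's previous fallback was also false, otherwise this role default silently changes egress behaviour on existing dual-stack clusters. Whichever value an operator picks, pod isolation should come from network policy rather than from the presence or absence of NAT.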