
feat: enable docker IPv6 support on executors

Open kayman-mk opened this issue 11 months ago • 6 comments

Description

Adds a configuration flag runner_worker_docker_options.enable_ipv6 for the GitLab Runner to enable IPv6 support on the executors, which is needed to run in IPv6-only networks. The configuration is set in the config.toml section [runners.docker].

This setting is still undocumented. See GitLab issue.

Closes #1094

Verification

  • [x] there is no enable_ipv6 option in the config, if the value is not set
  • [x] enable_ipv6 is set in the config, if a value is given
  • [x] if the option is set, the Runner starts and does not report errors
  • [x] if the option is set, the Executors start and do not report errors

kayman-mk avatar Feb 29 '24 10:02 kayman-mk

@william00179 Please cross-check

kayman-mk avatar Feb 29 '24 10:02 kayman-mk

Hey @kayman-mk! 👋

Thank you for your contribution to the project. Please refer to the contribution rules for a quick overview of the process.

Make sure that this PR clearly explains:

  • the problem being solved
  • the best way a reviewer and you can test your changes

By submitting this PR you confirm that you hold the rights to the code added and agree that it will be published under this LICENSE.

The following ChatOps commands are supported:

  • /help: notifies a maintainer to help you out

Simply add a comment with the command in the first line. If you need to pass more information, separate it with a blank line from the command.

This message was generated automatically. You are welcome to improve it.

github-actions[bot] avatar Feb 29 '24 10:02 github-actions[bot]

🦙 MegaLinter status: ⚠️ WARNING

| Descriptor    | Linter              | Files | Fixed | Errors | Elapsed time |
|---------------|---------------------|-------|-------|--------|--------------|
| ✅ COPYPASTE   | jscpd               | yes   | -     | no     | 1.53s        |
| ⚠️ MARKDOWN    | markdownlint        | 1     | 1     | 6      | 0.7s         |
| ✅ MARKDOWN    | markdown-link-check | 1     | -     | 0      | 2.7s         |
| ✅ REPOSITORY  | checkov             | yes   | -     | no     | 14.74s       |
| ✅ REPOSITORY  | dustilock           | yes   | -     | no     | 0.19s        |
| ✅ REPOSITORY  | gitleaks            | yes   | -     | no     | 1.47s        |
| ✅ REPOSITORY  | git_diff            | yes   | -     | no     | 0.01s        |
| ✅ REPOSITORY  | grype               | yes   | -     | no     | 10.07s       |
| ✅ REPOSITORY  | secretlint          | yes   | -     | no     | 1.09s        |
| ✅ REPOSITORY  | syft                | yes   | -     | no     | 0.33s        |
| ✅ REPOSITORY  | trivy-sbom          | yes   | -     | no     | 1.54s        |
| ✅ REPOSITORY  | trufflehog          | yes   | -     | no     | 9.24s        |
| ✅ SPELL       | cspell              | 3     | -     | 0      | 2.61s        |
| ✅ TERRAFORM   | terraform-fmt       | 1     | 0     | 0      | 0.1s         |

See detailed report in MegaLinter reports.

Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff.

MegaLinter is graciously provided by OX Security

github-actions[bot] avatar Feb 29 '24 10:02 github-actions[bot]

Does this alone enable v6? Reading the docs suggests we also need to configure the docker daemon.

I have been using this as a way to enable v6 in the engine:

  runner_worker_docker_machine_ec2_options = [
    "engine-opt=ipv6=true",
    "engine-opt=ip6tables=true",
    "engine-opt=experimental=true",
  ]

Looking at the Gitlab runner source seems to suggest this only takes effect if the FF_NETWORK_PER_BUILD flag is on.

rk295 avatar Feb 29 '24 13:02 rk295

Yeah, true. We should have something like ip_version = ["6"] to enable ipv6 only which should configure everything in the background. For the time being, I will add it to the documentation.

kayman-mk avatar Mar 02 '24 08:03 kayman-mk

Hi @kayman-mk,

Thanks for jumping onto this so quickly.

I have been trying to get this working for my case, which is the docker runner, not the docker+machine executor.

I have tried to enable IPv6 in docker but the various configuration methods are all leading to errors when the job tries to run. I have asked for some additional information on the required configuration to work with the gitlab runner.

For this to work, the feature flag needs to be set in the runners config.toml, see https://docs.gitlab.com/runner/executors/docker.html#create-a-network-for-each-job

There are some additional considerations to be made here also. Do we use a ULA subnet, which would keep the IPv4 style of the containers not becoming globally routable for those who don't know better, or do we allow GUA, which will then require some changes to the ENI to allocate an IPv6 prefix which can then be used?

I can't think of a use-case for when a user would want the job to be globally routable, but perhaps it exists.

When I can get a working IPv6 configuration I will let you know the required configuration for the module.

william00179 avatar Mar 05 '24 00:03 william00179
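The thread above raises three things that have to line up before enable_ipv6 does anything useful: the FF_NETWORK_PER_BUILD feature flag in config.toml, the engine-opt entries rk295 passes to the Docker daemon, and whether the prefix handed to job networks is ULA or GUA. The following consistency check is an added example, not code from this PR or the module; it assumes the runner config is a parsed [[runners]] table, the engine options are the runner_worker_docker_machine_ec2_options list, and the intended job-network prefix is passed in explicitly because the thread has not settled how the module should supply it.

```python
from __future__ import annotations

import ipaddress
from typing import Any

# RFC 4193 unique-local space; anything outside it is treated as globally routable (GUA).
ULA = ipaddress.IPv6Network("fc00::/7")
# Engine options rk295 uses in the thread to switch IPv6 on in the Docker daemon.
ENGINE_OPTS_FOR_IPV6 = ("ipv6", "ip6tables", "experimental")


def parse_engine_opts(ec2_options: list[str]) -> dict[str, str]:
    """Turn "engine-opt=key=value" entries into a dict; other entries are ignored."""
    opts: dict[str, str] = {}
    for item in ec2_options:
        if item.startswith("engine-opt="):
            key, _, value = item[len("engine-opt="):].partition("=")
            opts[key] = value
    return opts


def check_runner(runner: dict[str, Any], ec2_options: list[str],
                 ipv6_prefix: str | None) -> list[str]:
    """Findings for one [[runners]] table as parsed from config.toml (constructed input)."""
    findings: list[str] = []
    docker = runner.get("docker", {})
    if not docker.get("enable_ipv6", False):
        return findings  # no enable_ipv6 key (or false): nothing IPv6-related to check
    if not runner.get("feature_flags", {}).get("FF_NETWORK_PER_BUILD", False):
        findings.append("enable_ipv6 set but FF_NETWORK_PER_BUILD is off; the thread "
                        "reports the option only takes effect with a per-build network")
    opts = parse_engine_opts(ec2_options)
    for name in ENGINE_OPTS_FOR_IPV6:
        if opts.get(name) != "true":
            findings.append(f"docker daemon not started with engine-opt={name}=true")
    if ipv6_prefix is None:
        findings.append("no IPv6 prefix chosen for job networks")
    elif not ipaddress.IPv6Network(ipv6_prefix, strict=False).subnet_of(ULA):
        findings.append(f"{ipv6_prefix} is outside fc00::/7: jobs would get globally "
                        "routable (GUA) addresses")
    return findings


def check_config_file(path: str, ec2_options: list[str],
                      ipv6_prefix: str | None) -> list[str]:
    """Run check_runner over every [[runners]] entry of a real config.toml (needs 3.11+)."""
    import tomllib  # imported lazily so the checks above also work on older Pythons
    with open(path, "rb") as fh:
        config = tomllib.load(fh)
    return [finding for runner in config.get("runners", [])
            for finding in check_runner(runner, ec2_options, ipv6_prefix)]
```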