kubernetes-sigs · tthvo · Jul 22, 2025 · Jul 22, 2025 · Jul 22, 2025 · Jul 22, 2025
diff --git a/api/v1beta1/awscluster_conversion.go b/api/v1beta1/awscluster_conversion.go
@@ -67,6 +67,7 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 		dst.Status.Bastion.HostID = restored.Status.Bastion.HostID
 		dst.Status.Bastion.CapacityReservationPreference = restored.Status.Bastion.CapacityReservationPreference
 		dst.Status.Bastion.CPUOptions = restored.Status.Bastion.CPUOptions
+		dst.Status.Bastion.IPv6Address = restored.Status.Bastion.IPv6Address
 		if restored.Status.Bastion.DynamicHostAllocation != nil {
 			dst.Status.Bastion.DynamicHostAllocation = restored.Status.Bastion.DynamicHostAllocation
 		}
@@ -158,6 +159,7 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav1.LoadBalancer) {
 	dst.ARN = restored.ARN
 	dst.LoadBalancerType = restored.LoadBalancerType
+	dst.LoadBalancerIPAddressType = restored.LoadBalancerIPAddressType
 	dst.ELBAttributes = restored.ELBAttributes
 	dst.ELBListeners = restored.ELBListeners
 	dst.Name = restored.Name
@@ -195,6 +197,7 @@ func restoreControlPlaneLoadBalancer(restored, dst *infrav1.AWSLoadBalancerSpec)
 	dst.Scheme = restored.Scheme
 	dst.CrossZoneLoadBalancing = restored.CrossZoneLoadBalancing
 	dst.Subnets = restored.Subnets
+	dst.TargetGroupIPType = restored.TargetGroupIPType
 }
 
 // ConvertFrom converts the v1beta1 AWSCluster receiver to a v1beta1 AWSCluster.

diff --git a/api/v1beta1/network_types.go b/api/v1beta1/network_types.go
@@ -249,7 +249,6 @@ type SubnetSpec struct {
 
 	// IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC.
 	// A subnet can have an IPv4 and an IPv6 address.
-	// IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object.
 	// +optional
 	IPv6CidrBlock string `json:"ipv6CidrBlock,omitempty"`
 
@@ -260,8 +259,7 @@ type SubnetSpec struct {
 	// +optional
 	IsPublic bool `json:"isPublic"`
 
-	// IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled.
-	// IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object.
+	// IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with an IPv6 CIDR.
 	// +optional
 	IsIPv6 bool `json:"isIpv6,omitempty"`
 

diff --git a/api/v1beta1/zz_generated.conversion.go b/api/v1beta1/zz_generated.conversion.go
diff --git a/api/v1beta2/awscluster_types.go b/api/v1beta2/awscluster_types.go
@@ -152,8 +152,9 @@ type Bastion struct {
 
 	// AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host.
 	// They are set as ingress rules for the Bastion host's Security Group (defaults to 0.0.0.0/0).
+	// If the cluster has IPv6 enabled, defaults to ::/0 and 0.0.0.0/0.
 	// +optional
-	AllowedCIDRBlocks []string `json:"allowedCIDRBlocks,omitempty"`
+	AllowedCIDRBlocks CidrBlocks `json:"allowedCIDRBlocks,omitempty"`
 
 	// InstanceType will use the specified instance type for the bastion. If not specified,
 	// Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro
@@ -252,6 +253,15 @@ type AWSLoadBalancerSpec struct {
 	// PreserveClientIP lets the user control if preservation of client ips must be retained or not.
 	// If this is enabled 6443 will be opened to 0.0.0.0/0.
 	PreserveClientIP bool `json:"preserveClientIP,omitempty"`
+
+	// TargetGroupIPType sets the IP address type for the target group.
+	// Valid values are ipv4 and ipv6. If not specified, defaults to ipv4 unless
+	// the VPC has IPv6 enabled, in which case it defaults to ipv6.
+	// This applies to the API server target group.
+	// This field cannot be set if LoadBalancerType is classic or disabled.
+	// +kubebuilder:validation:Enum=ipv4;ipv6
+	// +optional
+	TargetGroupIPType *TargetGroupIPType `json:"targetGroupIPType,omitempty"`
 }
 
 // AdditionalListenerSpec defines the desired state of an
@@ -271,6 +281,14 @@ type AdditionalListenerSpec struct {
 	// HealthCheck sets the optional custom health check configuration to the API target group.
 	// +optional
 	HealthCheck *TargetGroupHealthCheckAdditionalSpec `json:"healthCheck,omitempty"`
+
+	// TargetGroupIPType sets the IP address type for the target group.
+	// Valid values are ipv4 and ipv6. If not specified, defaults to ipv4 unless
+	// the VPC has IPv6 enabled, in which case it defaults to ipv6.
+	// This field cannot be set if LoadBalancerType is classic or disabled.
+	// +kubebuilder:validation:Enum=ipv4;ipv6
+	// +optional
+	TargetGroupIPType *TargetGroupIPType `json:"targetGroupIPType,omitempty"`
 }
 
 // AWSClusterStatus defines the observed state of AWSCluster.
@@ -323,7 +341,8 @@ type S3Bucket struct {
 // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Cluster infrastructure is ready for EC2 instances"
 // +kubebuilder:printcolumn:name="VPC",type="string",JSONPath=".spec.network.vpc.id",description="AWS VPC the cluster is using"
 // +kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint",description="API Endpoint",priority=1
-// +kubebuilder:printcolumn:name="Bastion IP",type="string",JSONPath=".status.bastion.publicIp",description="Bastion IP address for breakglass access"
+// +kubebuilder:printcolumn:name="Bastion IP",type="string",JSONPath=".status.bastion.publicIp",description="Bastion IPv4 address for breakglass access"
+// +kubebuilder:printcolumn:name="Bastion IPv6",type="string",JSONPath=".status.bastion.ipv6Address",description="Bastion IPv6 address for breakglass access"
 // +k8s:defaulter-gen=true
 
 // AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster API.