As of Kubernetes 1.19, support for IPv6 is in beta and dual-stack(running clusters with both IPv4 and IPv6) is in alpha. Charmed Kubernetes supports both these features, though it is important to be familiar with the known issues described below.
Enabling IPv6 and dual-stack in Charmed Kubernetes
These features can be used simply by changing the configuration for Calico and the Kubernetes control-plane to include the relevant CIDRs.
For Calico, the
cidr configuration can contain two comma-separated values, with the
first CIDR in the list being the preferred family for pods.
For the Kubernetes control-plane, the
service-cidr configuration can contain two
comma-separated values, with the first being the default family for services.
Note that Kubernetes supports explicitly setting the
ipFamilies for a
service when creating it.
The following example shows how to deploy Charmed Kubernetes with IPv6 and dual-stack enabled.
You can use the following overlay file (download it here)
charmed-kubernetes to enable IPv4-preferred dual-stack:
description: Charmed Kubernetes overlay to enable IPv4-IPv6 dual-stack. applications: calico: options: cidr: "192.168.0.0/16,fd00:c00b:1::/112" kubernetes-control-plane: options: service-cidr: "10.152.183.0/24,fd00:c00b:2::/112"
juju deploy charmed-kubernetes --overlay ipv4-ipv6-overlay.yaml
Once that is deployed, you can use the following spec (download it here) to run a dual-stack enabled nginx pod with an IPv6 service in front of it:
apiVersion: apps/v1 kind: Deployment metadata: name: nginxdualstack spec: selector: matchLabels: run: nginxdualstack replicas: 2 template: metadata: labels: run: nginxdualstack spec: containers: - name: nginxdualstack image: rocks.canonical.com/cdk/diverdane/nginxdualstack:1.0.0 ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: nginx6 labels: run: nginxdualstack spec: type: NodePort ipFamilies: [IPv6] ports: - port: 80 protocol: TCP selector: run: nginxdualstack
Because of the pre-release feature status for IPv6 and dual-stack in Kubernetes and since Juju does not officially support IPv6, there are currently some things which won't work 100% and some limitations on IPv6 configuration. These will also vary depending on the underlying cloud provider.
The following arise because Juju does not fully support IPv6:
The charms require IPv4 on the underlying hosts, even when running a cluster in IPv6-only mode.
By default, connections to the API server will use the IPv4 address even when running a cluster in IPv6-preferred or IPv6-only mode. This can be modified in the client config by hand or overridden via the
loadbalancer-ipsconfig on the [kubernetes-control-plane] and / or [kubeapi-load-balancer] charms.
IPv6 NodePort listeners won't function on the master, though they will work on the worker units.
open-portcannot be used to allow NodePort connections for IPv6.
The following arise when using AWS as the underlying cloud provider:
Kubernetes creates classic load balancers for LoadBalancer-type services, which do not support IPv6.
Juju does not honor the "automatically assign IPv6 address" setting and creates instances without IPv6 addresses. You can attach IPv6 addresses after deploying with something like:
for machine in $(juju status --format=json | jq -r '.machines|keys' | sort -n); do echo -n "Machine $machine: " instance="pending" while [[ "$instance" == "pending" ]]; do instance=$(juju status --format=json | jq -r '.machines["'"$machine"'"]."instance-id"') done interface=$(aws ec2 describe-instances --instance-id "$instance" --output text --query 'Reservations[*].Instances[*].NetworkInterfaces[*].NetworkInterfaceId') aws ec2 modify-instance-attribute --instance-id "$instance" --no-source-dest-check ipv6_addresses=$(aws ec2 describe-instances --instance-id "$instance" --output text --query 'Reservations[*].Instances[*].NetworkInterfaces[*].Ipv6Addresses') if [[ -n "$ipv6_addresses" ]]; then echo "$ipv6_addresses" else aws ec2 assign-ipv6-addresses --network-interface-id "$interface" --ipv6-address-count 1 --output text --query 'AssignedIpv6Addresses' fi done
No additional issues with IPv6 on OpenStack are known at this time.
No additional issues with IPv6 on MAAS are known at this time.