Skip to content

Commit

Permalink
Enable forwarding IPv6 connections through the proxy (#12495)
Browse files Browse the repository at this point in the history 
As part of the ongoing effort to support IPv6/dual-stack networks, this change
enables the proxy to properly forward IPv6 connections:

- Adds the new `LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS` environment variable when
  injecting the proxy. This is supported as of proxy v2.228.0 which was just
  pulled into the linkerd2 repo in #2d5085b56e465ef56ed4a178dfd766a3e16a631d.
  This adds the IPv6 loopback address (`[::1]`) to the IPv4 one (`127.0.0.1`)
  so the proxy can forward outbound connections received via IPv6. The injector
  will still inject `LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR` to support the rare
  case where the `proxy.image.version` value is overridden with an older
  version. The new proxy still considers that variable, but it's superseded by
  the new one. The old variable is considered deprecated and should be removed
  in the future.
- The values for `LINKERD2_PROXY_CONTROL_LISTEN_ADDR`,
  `LINKERD2_PROXY_ADMIN_LISTEN_ADDR` and `LINKERD2_PROXY_INBOUND_LISTEN_ADDR`
  have been updated to point to the IPv6 wildcard address (`[::]`) instead of
  the IPv4 one (`0.0.0.0`) for the same reason. Unlike with the loopback
  address, the IPv6 wildcard address suffices to capture both IPv4 and IPv6
  traffic.
- The endpoint translator's `getInboundPort()` has been updated to properly
  parse the IPv6 loopback address retrieved from the proxy container manifest.
  A unit test was added to validate the behavior.
  • Loading branch information
@alpeb
alpeb committed May 2, 2024
1 parent cae5349 commit 7cbe2f5
Show file tree
Hide file tree
Showing 58 changed files with 621 additions and 367 deletions.
11 changes: 7 additions & 4 deletions charts/partials/templates/_proxy.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,13 +76,16 @@ env:
value: "365d"
{{ end -}}
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:{{.Values.proxy.ports.control}}
value: "[::]:{{.Values.proxy.ports.control}}"
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:{{.Values.proxy.ports.admin}}
value: "[::]:{{.Values.proxy.ports.admin}}"
{{- /* Deprecated, superseded by LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS since proxy's v2.228.0 (deployed since edge-24.4.5) */}}
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:{{.Values.proxy.ports.outbound}}
value: "127.0.0.1:{{.Values.proxy.ports.outbound}}"
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
value: "127.0.0.1:{{.Values.proxy.ports.outbound}},[::1]:{{.Values.proxy.ports.outbound}}"
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:{{.Values.proxy.ports.inbound}}
value: "[::]:{{.Values.proxy.ports.inbound}}"
- name: LINKERD2_PROXY_INBOUND_IPS
valueFrom:
fieldRef:
Expand Down
8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject-filepath/expected/injected_nginx.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,13 +64,15 @@ spec:
- name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
value: 90s
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
value: '[::]:4190'
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
value: '[::]:4191'
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
value: 127.0.0.1:4140,[::1]:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
value: '[::]:4143'
- name: LINKERD2_PROXY_INBOUND_IPS
valueFrom:
fieldRef:
Expand Down
16 changes: 10 additions & 6 deletions cli/cmd/testdata/inject-filepath/expected/injected_nginx_redis.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,13 +64,15 @@ spec:
- name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
value: 90s
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
value: '[::]:4190'
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
value: '[::]:4191'
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
value: 127.0.0.1:4140,[::1]:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
value: '[::]:4143'
- name: LINKERD2_PROXY_INBOUND_IPS
valueFrom:
fieldRef:
Expand Down Expand Up @@ -295,13 +297,15 @@ spec:
- name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
value: 90s
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
value: '[::]:4190'
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
value: '[::]:4191'
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
value: 127.0.0.1:4140,[::1]:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
value: '[::]:4143'
- name: LINKERD2_PROXY_INBOUND_IPS
valueFrom:
fieldRef:
Expand Down
8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject-filepath/expected/injected_redis.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,13 +64,15 @@ spec:
- name: LINKERD2_PROXY_INBOUND_DISCOVERY_IDLE_TIMEOUT
value: 90s
- name: LINKERD2_PROXY_CONTROL_LISTEN_ADDR
value: 0.0.0.0:4190
value: '[::]:4190'
- name: LINKERD2_PROXY_ADMIN_LISTEN_ADDR
value: 0.0.0.0:4191
value: '[::]:4191'
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR
value: 127.0.0.1:4140
- name: LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS
value: 127.0.0.1:4140,[::1]:4140
- name: LINKERD2_PROXY_INBOUND_LISTEN_ADDR
value: 0.0.0.0:4143
value: '[::]:4143'
- name: LINKERD2_PROXY_INBOUND_IPS
valueFrom:
fieldRef:
Expand Down
8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_contour.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

32 changes: 20 additions & 12 deletions cli/cmd/testdata/inject_emojivoto_already_injected.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment_access_log.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment_automountServiceAccountToken_false.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment_capabilities.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment_config_overrides.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

16 changes: 10 additions & 6 deletions cli/cmd/testdata/inject_emojivoto_deployment_controller_name.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment_debug.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment_empty_resources.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions cli/cmd/testdata/inject_emojivoto_deployment_hostNetwork_false.golden.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 7cbe2f5

Please sign in to comment.