Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable forwarding IPv6 connections through the proxy #12495

Merged
merged 3 commits into from
May 2, 2024
Merged

Enable forwarding IPv6 connections through the proxy #12495

merged 3 commits into from
May 2, 2024

Conversation

alpeb
Copy link
Member

@alpeb alpeb commented Apr 24, 2024
edited
Loading

As part of the ongoing effort to support IPv6/dual-stack networks, this change enables the proxy to properly forward IPv6 connections:

  • Adds the new LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS environment variable when injecting the proxy. This is supported as of proxy v2.228.0 which was just pulled into the linkerd2 repo in 2d5085b. This adds the IPv6 loopback address ([::1]) to the IPv4 one (127.0.0.1) so the proxy can forward outbound connections received via IPv6. The injector will still inject LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR to support the rare case where the proxy.image.version value is overridden with an older version. The new proxy still considers that variable, but it's superseded by the new one. The old variable is considered deprecated and should be removed in the future.
  • The values for LINKERD2_PROXY_CONTROL_LISTEN_ADDR, LINKERD2_PROXY_ADMIN_LISTEN_ADDR and LINKERD2_PROXY_INBOUND_LISTEN_ADDR have been updated to point to the IPv6 wildcard address ([::]) instead of the IPv4 one (0.0.0.0) for the same reason. Unlike with the loopback address, the IPv6 wildcard address suffices to capture both IPv4 and IPv6 traffic.
  • The endpoint translator's getInboundPort() has been updated to properly parse the IPv6 loopback address retrieved from the proxy container manifest. A unit test was added to validate the behavior.

Edit:

Updated norelay_test.go and the prometheus metrics matching utilities to properly deal with IPv6 addresses,

@alpeb alpeb requested a review from a team as a code owner April 24, 2024 18:31
@alpeb alpeb force-pushed the alpeb/LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS branch 3 times, most recently from e3c33b1 to 98eacf4 Compare April 29, 2024 15:23
alpeb added 3 commits May 2, 2024 08:43
@alpeb
Enable forwarding IPv6 connections in the proxy
5f5770e 
As part of the ongoing effort to support IPv6/dual-stack networks, this change enables the proxy to properly forward IPv6 connections:

- Adds the new `LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS` environment variable when injecting the proxy. This is supported as of proxy v2.228.0 which was just pulled into the linkerd2 repo in #2d5085b56e465ef56ed4a178dfd766a3e16a631d. This adds the IPv6 loopback address (`[::1]`) to the IPv4 one (`127.0.0.1`) so the proxy can forward outbound connections received via IPv6. The injector will still inject `LINKERD2_PROXY_OUTBOUND_LISTEN_ADDR` to support the rare case where the `proxy.image.version` value is overridden with an older version. The new proxy still considers that variable, but it's superseded by the new one. The old variable is considered deprecated and should be removed in the future.
- The values for `LINKERD2_PROXY_CONTROL_LISTEN_ADDR`, `LINKERD2_PROXY_ADMIN_LISTEN_ADDR` and `LINKERD2_PROXY_INBOUND_LISTEN_ADDR` have been updated to point to the IPv6 wildcard address (`[::]`) instead of the IPv4 one (`0.0.0.0`) for the same reason. Unlike with the loopback address, the IPv6 wildcard address suffices to capture both IPv4 and IPv6 traffic.
- The endpoint translator's `getInboundPort()` has been updated to properly parse the IPv6 loopback address retrieved from the proxy container manifest. A unit test was added to validate the behavior.
@alpeb
Fix tests
f560fc6
@alpeb
Update and the prometheus metrics matching utilities to properly deal…
76f598d 
… with IPv6 addresses
@alpeb alpeb force-pushed the alpeb/LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS branch from 98eacf4 to 76f598d Compare May 2, 2024 13:47
mateiidavid
mateiidavid approved these changes May 2, 2024
View reviewed changes
Copy link
Member

@mateiidavid mateiidavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 👍🏻

@mateiidavid mateiidavid merged commit 7cbe2f5 into main May 2, 2024
38 checks passed
@mateiidavid mateiidavid deleted the alpeb/LINKERD2_PROXY_OUTBOUND_LISTEN_ADDRS branch May 2, 2024 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adleong adleong adleong approved these changes

@mateiidavid mateiidavid mateiidavid approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alpeb @adleong @mateiidavid