Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support IPv6 on service CIDR #209

Merged
merged 1 commit into from
Nov 29, 2021
Merged

Support IPv6 on service CIDR #209

merged 1 commit into from
Nov 29, 2021

Conversation

olljanat
Copy link
Contributor

@olljanat olljanat commented Nov 28, 2021
edited
Loading

First step to solve #18

Add logic to detect if cluster does not have support for IPv4 or if vcluster is forced to use IPv6 only with policy engine.

At least combination of dual stack cluster with Kyverno policy like this:

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: service-ipv6-only
spec:
  validationFailureAction: enforce
  background: false
  rules:
  - name: service-ipv6-only
    match:
      resources:
        kinds:
        - Service
        namespaces:
        - "vcluster-*"
    preconditions:
      all:
      - key: "{{request.operation}}"
        operator: In
        value:
        - CREATE
    mutate:
      patchStrategicMerge:
        spec:
          ipFamilyPolicy: SingleStack
          ipFamilies:
          - IPv6

and using --distro k8s works.

Pure IPv6 only env where also host cluster is IPv6 only will need more work. K0s needs this PR k0sproject/k0s#1292 and K3s needs this PR k3s-io/k3s#4450 before those can be used with this one.

This was referenced Nov 28, 2021
Merged
Merged
FabianKramm
FabianKramm approved these changes Nov 29, 2021
View reviewed changes
Copy link
Member

@FabianKramm FabianKramm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@olljanat thanks for creating this PR! LGTM!

@FabianKramm FabianKramm merged commit 805ba40 into loft-sh:main Nov 29, 2021
@olljanat olljanat deleted the support-ipv6-cidr branch May 9, 2022 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FabianKramm FabianKramm FabianKramm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@olljanat @FabianKramm