-
Notifications
You must be signed in to change notification settings - Fork 382
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dual-stack with Kube router 2 #3954
Conversation
The PR is marked as stale since no activity has been recorded in 30 days |
This pull request has merge conflicts that need to be resolved. |
This pull request has merge conflicts that need to be resolved. |
The PR is marked as stale since no activity has been recorded in 30 days |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NB: This is the error that's reported by containerd in the failed inttest:
failed to setup network for sandbox: plugin type="bridge" name="kubernetes" failed (add): failed to set bridge addr: could not add IP address to "kube-bridge": permission denied
This pull request has merge conflicts that need to be resolved. |
/xref #3814 |
d6e2085
to
490cf6e
Compare
7ace5ca
to
a171a45
Compare
b823fe4
to
18cec2f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does this work with dynamic configuration? We'd need to restart kubelet, I guess, since we're actively changing flags based on dual stack?
Hmm, what happens for Calico when toggling dual stack? We're not (yet) reconciling the workers at all... (#1806)
var ipv4, ipv6 net.IP | ||
for _, addr := range ipaddrs { | ||
if ipv4 == nil && addr.IP.To4() != nil { | ||
ipv4 = addr.IP |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ipv4 = addr.IP | |
ipv4 = addr.IP.To4() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What would this solve?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would ensure that ipv4 is actually in its four byte form, so that len(ipv4) == IPv4len
. Otherwise, it could be in its 16 byte form, i.e. len(ipv4) == IPv6len
. This is a nit, but it feels a bit saner to have a v4 IP returned as 4 bytes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we only care what the address family is. How the buffers are allocated under the hood is completely irrelevant.
This needs attention from kubectl side, as well. I'm a bit on the fence with the IP auto-detection, because this makes it so much harder for k0sctl to do the right thing, but maybe I'm overstating the problem. WDYT @kke? |
Would you prefer that we required to specify the ipv4 and ipv6 node address in k0s config? How would that work for dynamic addresses? There is no guarantee that the node gets same ipv4 address after a reboot. |
I think there's two separate things which bother me: First: There's this schism between single-stack and dual-stack. There is IP auto-detection in kubelet for v4 and v6, but not for both at the same time (which would be reasonable in dual-stack mode, IMO). So k0s has to do it, and is responsible for getting it right, even it doesn't really care about the detected IPs itself. Although I would rather see someone else (i.e. upstream) maintain this 🙃, there is still the option to set the IPs via Second, and this is something that needs clarification and probably a fix on the k0sctl or on both k0sctl and k0s side: k0sctl sets
Is that even a thing, workers with dynamic addresses? Maybe. Would require a k0s restart on IP address changes, though. Not sure about the running containers. They probably need to be restarted, as well. |
Signed-off-by: Natanael Copa <[email protected]>
kuber-router supports ipv6. Enable this and add dualstack test. Unlike calico, kube-router requires that the node has a valid ipv6 InternalIP. This is only set with kublet when --node-ip is specified, and this option requires that we also set the ipv4. Mimic the logic from kubelet to find the ipv4 same way as kubelet. https://github.com/cloudnativelabs/kube-router/blob/master/docs/ipv6.md#how-to-enable-dual-stack-functionality Signed-off-by: Natanael Copa <[email protected]>
Signed-off-by: Natanael Copa <[email protected]>
This is useful for debugging. Signed-off-by: Natanael Copa <[email protected]>
Use our kube-router 2.1.3 image which has a backport fix for ipv6 in github runners. ref: cloudnativelabs/kube-router#1684 Signed-off-by: Natanael Copa <[email protected]>
Clarify test names for dualstack and add dualstack with kuberouter with dynamic confg. Signed-off-by: Natanael Copa <[email protected]>
Improve naming, error message and add comment. Signed-off-by: Natanael Copa <[email protected]>
I agree. This is something that should be fixed in kubelet. But for now we will have to work around it in k0s.
Yes, and this is due to upstream kubelet behavior.
I'd rather fix
I would expect most workers use DHCP for ipv4. Not sure if we care about address changes on dhcp lease expiry runtime. But I think that address change on reboot is something to be expected. (which probably means we shouldn't set the address from k0sctl?) |
Description
Update kube-router to 2.0.1 and enable ipv6
Type of change
How Has This Been Tested?
Checklist: