sigs.k8s.io/cluster-api-provider-azure@v1.14.3/docs/book/src/topics/ipv6.md (about) 1 # IPv6 clusters 2 3 ## Overview 4 5 CAPZ enables you to create IPv6 Kubernetes clusters on Microsoft Azure. 6 7 - IPv6 support is available for Kubernetes version 1.18.0 and later on Azure. 8 - IPv6 support is in beta as of Kubernetes version 1.18 in Kubernetes community. 9 10 To deploy a cluster using IPv6, use the [ipv6 flavor template](https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/cluster-template-ipv6.yaml). 11 12 <aside class="note warning"> 13 14 <h1> Warning </h1> 15 16 **Action required**: The Azure DNS nameserver is only IPv4. If the coredns pod runs on the pod network, it will fail to resolve. 17 The workaround is to edit the coredns deployment and add `hostNetwork: true`, so it can leverage host routes for the v4 network to do the DNS resolution. 18 ```bash 19 kubectl patch deploy/coredns -n kube-system --type=merge -p '{"spec": {"template": {"spec":{"hostNetwork": true}}}}' 20 ``` 21 22 </aside> 23 24 Things to try out after the cluster created: 25 26 - Nodes are Kubernetes version 1.18.0 or later 27 - Nodes have an IPv6 Internal-IP 28 29 ```bash 30 kubectl get nodes -o wide 31 NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME 32 ipv6-0-control-plane-8xqgw Ready master 53m v1.18.8 2001:1234:5678:9abc::4 <none> Ubuntu 18.04.5 LTS 5.3.0-1034-azure containerd://1.3.4 33 ipv6-0-control-plane-crpvf Ready master 49m v1.18.8 2001:1234:5678:9abc::5 <none> Ubuntu 18.04.5 LTS 5.3.0-1034-azure containerd://1.3.4 34 ipv6-0-control-plane-nm5v9 Ready master 46m v1.18.8 2001:1234:5678:9abc::6 <none> Ubuntu 18.04.5 LTS 5.3.0-1034-azure containerd://1.3.4 35 ipv6-0-md-0-7k8vm Ready <none> 49m v1.18.8 2001:1234:5678:9abd::5 <none> Ubuntu 18.04.5 LTS 5.3.0-1034-azure containerd://1.3.4 36 ipv6-0-md-0-mwfpt Ready <none> 50m v1.18.8 2001:1234:5678:9abd::4 <none> Ubuntu 18.04.5 LTS 5.3.0-1034-azure containerd://1.3.4 37 ``` 38 39 - Nodes have 2 internal IPs, one from each IP family. IPv6 clusters on Azure run on dual-stack hosts. The IPv6 is the primary IP. 40 41 ```bash 42 kubectl get nodes ipv6-0-md-0-7k8vm -o go-template --template='{{range .status.addresses}}{{printf "%s: %s \n" .type .address}}{{end}}' 43 Hostname: ipv6-0-md-0-7k8vm 44 InternalIP: 2001:1234:5678:9abd::5 45 InternalIP: 10.1.0.5 46 ``` 47 48 - Nodes have an IPv6 PodCIDR 49 50 ```bash 51 kubectl get nodes ipv6-0-md-0-7k8vm -o go-template --template='{{.spec.podCIDR}}' 52 2001:1234:5678:9a40:200::/72 53 ``` 54 55 - Pods have an IPv6 IP 56 57 ```bash 58 kubectl get pods nginx-f89759699-h65lt -o go-template --template='{{.status.podIP}}' 59 2001:1234:5678:9a40:300::1f 60 ``` 61 62 - Able to reach other pods in cluster using IPv6 63 64 ```bash 65 # inside the nginx-pod 66 # # ifconfig eth0 67 eth0 Link encap:Ethernet HWaddr 3E:DA:12:82:4C:C2 68 inet6 addr: fe80::3cda:12ff:fe82:4cc2/64 Scope:Link 69 inet6 addr: 2001:1234:5678:9a40:100::4/128 Scope:Global 70 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 71 RX packets:15 errors:0 dropped:0 overruns:0 frame:0 72 TX packets:20 errors:0 dropped:1 overruns:0 carrier:0 73 collisions:0 txqueuelen:0 74 RX bytes:1562 (1.5 KiB) TX bytes:1832 (1.7 KiB) 75 # ping 2001:1234:5678:9a40::2 76 PING 2001:1234:5678:9a40::2 (2001:1234:5678:9a40::2): 56 data bytes 77 64 bytes from 2001:1234:5678:9a40::2: seq=0 ttl=62 time=1.690 ms 78 64 bytes from 2001:1234:5678:9a40::2: seq=1 ttl=62 time=1.009 ms 79 64 bytes from 2001:1234:5678:9a40::2: seq=2 ttl=62 time=1.388 ms 80 64 bytes from 2001:1234:5678:9a40::2: seq=3 ttl=62 time=0.925 ms 81 ``` 82 83 - Kubernetes services have IPv6 ClusterIP and ExternalIP 84 85 ```bash 86 kubectl get svc 87 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 88 kubernetes ClusterIP fd00::1 <none> 443/TCP 94m 89 nginx-service LoadBalancer fd00::4a12 2603:1030:805:2::b 80:32136/TCP 40m 90 ``` 91 92 - Able to reach the workload on IPv6 ExternalIP 93 94 NOTE: this will only work if your ISP has IPv6 enabled. Alternatively, you can connect from an Azure VM with IPv6. 95 96 ```bash 97 curl [2603:1030:805:2::b] -v 98 * Rebuilt URL to: [2603:1030:805:2::b]/ 99 * Trying 2603:1030:805:2::b... 100 * TCP_NODELAY set 101 * Connected to 2603:1030:805:2::b (2603:1030:805:2::b) port 80 (#0) 102 > GET / HTTP/1.1 103 > Host: [2603:1030:805:2::b] 104 > User-Agent: curl/7.58.0 105 > Accept: */* 106 > 107 < HTTP/1.1 200 OK 108 < Server: nginx/1.17.0 109 < Date: Fri, 18 Sep 2020 23:07:12 GMT 110 < Content-Type: text/html 111 < Content-Length: 612 112 < Last-Modified: Tue, 21 May 2019 15:33:12 GMT 113 < Connection: keep-alive 114 < ETag: "5ce41a38-264" 115 < Accept-Ranges: bytes 116 ``` 117 118 ## Known Limitations 119 120 The reference [ipv6 flavor](https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/cluster-template-ipv6.yaml) takes care of most of these for you, but it is important to be aware of these if you decide to write your own IPv6 cluster template, or use a different bootstrap provider. 121 122 - Kubernetes version needs to be 1.18+ 123 124 - The coredns pod needs to run on the host network, so it can leverage host routes for the v4 network to do the DNS resolution. The workaround is to edit the coredns deployment and add `hostNetwork: true`: 125 ```bash 126 kubectl patch deploy/coredns -n kube-system --type=merge -p '{"spec": {"template": {"spec":{"hostNetwork": true}}}}' 127 ``` 128 129 - When using [Calico CNI](https://docs.projectcalico.org/reference/public-cloud/azure), the selected pod’s subnet should be part of your Azure virtual network IP range.