Networking
Warning
This documentation is deprecated, please check here for its new home
IPv4/IPv6 dual-stack
Since Kubernetes 1.22, deployments at CERN have dual stack networking support enabled. Workloads can be configured to run IPv4 only, IPv6 only, or dual stack.
Service Configuration
Services can be configured to prefer or require IPv4 only, IPv6 only or dual stack support via the ipFamilyPolicy and ipFamilies parameters. Check here for full details.
By default services have both configured but prefer IPv4.
A quick example (taken from the upstream docs) mandating single stack IPv4 only:
apiVersion: v1
kind: Service
metadata:
  labels:
    app: MyApp
  name: my-service
spec:
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: MyApp
And to enable dual stack networking:
apiVersion: v1
kind: Service
metadata:
  name: my-service
  labels:
    app: MyApp
spec:
  ipFamilyPolicy: PreferDualStack
  selector:
    app: MyApp
  ports:
  - protocol: TCP
    port: 80
These settings can be changed on existing services, without redeployment.
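To confirm which address families existing Services actually ended up with, for instance when a workload is meant to be reachable over IPv4 only, the following added example (not part of the original documentation) reads the JSON produced by `kubectl get services -A -o json` and compares each Service's policy, declared families and allocated cluster IPs against an allowed set. The function names, the `allowed` parameter and the sample data are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "my-service"},
     "spec": {"ipFamilyPolicy": "SingleStack", "ipFamilies": ["IPv4"],
              "clusterIP": "10.254.10.20", "clusterIPs": ["10.254.10.20"]}},
    {"metadata": {"namespace": "default", "name": "dual"},
     "spec": {"ipFamilyPolicy": "PreferDualStack", "ipFamilies": ["IPv4", "IPv6"],
              "clusterIPs": ["10.254.10.21", "fd00:1234::15"]}},
    {"metadata": {"namespace": "default", "name": "headless"},
     "spec": {"ipFamilyPolicy": "RequireDualStack", "ipFamilies": ["IPv4", "IPv6"],
              "clusterIP": "None", "clusterIPs": ["None"]}},
]})


def families_of(cluster_ips):
    """Return the address families actually allocated, e.g. ['IPv4', 'IPv6']."""
    found = []
    for ip in cluster_ips:
        if ip in ("", "None"):  # headless Services have no cluster IP
            continue
        found.append("IPv%d" % ipaddress.ip_address(ip).version)
    return found


def audit(service_list_json, allowed=("IPv4",)):
    """Return one report per Service; 'violation' lists families outside `allowed`."""
    reports = []
    for item in json.loads(service_list_json).get("items", []):
        spec = item.get("spec", {})
        declared = spec.get("ipFamilies", [])
        allocated = families_of(spec.get("clusterIPs", []))
        # Headless Services allocate nothing, so fall back to the declared families.
        effective = allocated or declared
        reports.append({
            "service": "%s/%s" % (item["metadata"]["namespace"], item["metadata"]["name"]),
            "policy": spec.get("ipFamilyPolicy"),
            "declared": declared,
            "allocated": allocated,
            "violation": [f for f in effective if f not in allowed],
        })
    return reports


if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r["service"], r["policy"], r["allocated"], "violation:", r["violation"])
```

Against a live cluster, pass the text of `kubectl get services -A -o json` to `audit()` in place of `SAMPLE`.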
Pod Configuration
All pods get dual stack networking configured by default, and unlike Services there is no parameter available to change this behavior in the Pod configuration.
This can be problematic if the workload cannot rely on IPv6 for whatever reason. As a workaround, you can add an initContainer to explicitly disable IPv6 in the Pod's network stack. Here's an example for a Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: noipv6
  labels:
    app: noipv6
spec:
  replicas: 1
  selector:
    matchLabels:
      app: noipv6
  template:
    metadata:
      labels:
        app: noipv6
    spec:
      # this is the relevant part, you can reuse this initContainer as defined
      # below to disable the ipv6 stack - no matter the actual workload later
      initContainers:
      - name: disableipv6
        image: ubuntu:20.04
        command: ["/bin/bash", "-c", "sysctl -w net.ipv6.conf.all.disable_ipv6=1"]
        # privileged is required to write the sysctl; only this initContainer
        # gets it, the main container below stays unprivileged
        securityContext:
          privileged: true
      containers:
      - name: main
        image: ubuntu:20.04
        # this is a sample command that shows only IPv4 is set in the pod
        command: ["/bin/bash", "-c", "apt-get update; apt-get install -y iputils-ping iproute2; ip a; sleep inf"]