Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPv6 internal node IPs are usable externally #3588

Merged
merged 2 commits into from
May 10, 2023
Merged

IPv6 internal node IPs are usable externally #3588

merged 2 commits into from
May 10, 2023

Conversation

johngmyers
Copy link
Contributor

@johngmyers johngmyers commented May 4, 2023
edited
Loading

Description

IPv6 clusters do not a NATed private-use network; IPv6 node addresses are allocated from the global unicast address space and are accessible from the internet if firewalls allow. IPv6 node addresses are always reported as type NodeInternalIP despite being usable both internally and externally.

This PR causes the sources that use node IP addresses to treat NodeInternalIP addresses that parse as IPv6 as being both internal and external.

It also fixes the node, pod, and dns-controller sources to set the record type to AAAA for node addresses that have IPv6 syntax.

This roughly corresponds to kubernetes/kops#12608.

Fixes #1875

Checklist

  • Unit tests updated
  • End user documentation updated

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 4, 2023
szuecs
szuecs reviewed May 8, 2023
View reviewed changes
source/pod.go Outdated Show resolved Hide resolved
@szuecs
Copy link
Contributor

szuecs commented May 8, 2023

/ok-to-test

One question other than that I would approve. Thanks for your work @johngmyers

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label May 8, 2023
@szuecs
Copy link
Contributor

szuecs commented May 10, 2023

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johngmyers, szuecs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 10, 2023
@szuecs
Copy link
Contributor

szuecs commented May 10, 2023

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 10, 2023
@k8s-ci-robot k8s-ci-robot merged commit 3a788d6 into kubernetes-sigs:master May 10, 2023
@johngmyers johngmyers deleted the ipv6-external branch May 10, 2023 20:19
@johngmyers johngmyers mentioned this pull request Jun 7, 2023
Merged
2 tasks
@johngmyers johngmyers mentioned this pull request Sep 13, 2023
Merged
2 tasks
This was referenced Jun 20, 2024
Open
Open
@sebastiangaiser
Copy link

@johngmyers @szuecs since this patch is merged, all v6 addresses internal and external are added to the dns entry for e.g. a Kubernetes node or NodePort. Can you maybe revisit this topic again to make it possible to differentiate between internal and external.
#4566 is asking about that problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@szuecs szuecs szuecs left review comments

@seanmalloy seanmalloy Awaiting requested review from seanmalloy

Assignees

@szuecs szuecs

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

'Nodes' source assumes all discovered IPs are IPv4
4 participants
@johngmyers @szuecs @k8s-ci-robot @sebastiangaiser