IPv4-Only Pods in Dual-Stack #9491

Open
renyunkang opened this issue Nov 18, 2024 · 6 comments

@renyunkang
Contributor

If I've enabled dual-stack networking, how can I configure specific pods to use only IPv4 (single-stack)?

Is there a configuration method to achieve this, or is it currently unsupported?

@mazdakn
Member

mazdakn commented Nov 19, 2024

@renyunkang Have you tried the 'cni.projectcalico.org/ipAddrsNoIpam' annotation? More information here: https://docs.tigera.io/calico/latest/reference/configure-cni-plugins#requesting-a-specific-ip-address

@renyunkang
Contributor Author

> @renyunkang Have you tried the 'cni.projectcalico.org/ipAddrsNoIpam' annotation? More information here: https://docs.tigera.io/calico/latest/reference/configure-cni-plugins#requesting-a-specific-ip-address

Thank you for your response. @mazdakn "NoIpam" is not the desired outcome. I still want Calico to automatically manage IP addresses (IPAM), but I need a configuration option to specify which namespaces or pods should only use IPv4, instead of both IPv4 and IPv6, even with dual-stack enabled.

@caseydavenport
Member

caseydavenport commented Dec 3, 2024

Yeah, I agree - the ipAddrsNoIpam is exceptionally niche and not right for 99.99% of users 😁

Requires that you implement your own IPAM solution external to Calico and CNI 😬

@caseydavenport
Member

I think an annotation to expose configuration of IP families is appropriate. One thing to think about is whether or not we want to unconditionally allow application developers (i.e., people deploying pods) to control which IP families they have access to regardless of cluster configuration.

Generally for these types of annotations, you want this to be opt-in within the CNI config file itself in some way. Otherwise a cluster admin can configure Calico to behave one way (i.e., requiring dual stack) and then have app devs override that configuration when it's not desirable.

We may want to make this annotation available only if the cluster admin has deferred this capability to application developers - see the existing CNI config "feature_control" section which is used for this sort of thing:

```go
// FeatureControl is a struct which controls which features are enabled in Calico.
type FeatureControl struct {
	IPAddrsNoIpam bool `json:"ip_addrs_no_ipam"`
	FloatingIPs   bool `json:"floating_ips"`
}
```

@caseydavenport
Member

Would be something like IPFamilySpecification bool added to that struct, and then checked before parsing the annotation.
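
The admin opt-in proposed in the comments above, as an added example that is not part of the thread and not Calico's code: the annotation key `cni.projectcalico.org/ipFamilies`, the `ip_family_specification` JSON tag and the `resolveIPFamilies` function are hypothetical. It checks the `feature_control` flag before parsing the annotation, fails closed when the flag is off, and only lets a pod narrow the cluster's IP families.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const ipFamiliesAnnotation = "cni.projectcalico.org/ipFamilies" // hypothetical key

// FeatureControl as quoted in the thread, plus the proposed field (JSON tag assumed).
type FeatureControl struct {
	IPAddrsNoIpam         bool `json:"ip_addrs_no_ipam"`
	FloatingIPs           bool `json:"floating_ips"`
	IPFamilySpecification bool `json:"ip_family_specification"`
}

// resolveIPFamilies returns the families to request from IPAM; cluster is the admin-configured set.
func resolveIPFamilies(cniConfig []byte, cluster []string, annotations map[string]string) ([]string, error) {
	var conf struct{ FeatureControl FeatureControl `json:"feature_control"` }
	if err := json.Unmarshal(cniConfig, &conf); err != nil {
		return nil, fmt.Errorf("parsing CNI config: %w", err)
	}
	raw, ok := annotations[ipFamiliesAnnotation]
	if !ok {
		return cluster, nil // no override requested: keep the cluster setting
	}
	// Check the admin opt-in before parsing pod-supplied input, and fail closed.
	if !conf.FeatureControl.IPFamilySpecification {
		return nil, fmt.Errorf("%s set but ip_family_specification is not enabled", ipFamiliesAnnotation)
	}
	var want []string
	if err := json.Unmarshal([]byte(raw), &want); err != nil || len(want) == 0 {
		return nil, fmt.Errorf("invalid %s value %q", ipFamiliesAnnotation, raw)
	}
	allowed := map[string]bool{}
	for _, c := range cluster {
		allowed[c] = true
	}
	for _, f := range want {
		if !allowed[f] { // a pod may narrow the cluster's families, never widen them
			return nil, fmt.Errorf("IP family %q is not enabled on this cluster", f)
		}
	}
	return want, nil
}

func main() { // constructed inputs
	conf := []byte(`{"feature_control": {"ip_family_specification": true}}`)
	fmt.Println(resolveIPFamilies(conf, []string{"IPv4", "IPv6"}, map[string]string{ipFamiliesAnnotation: `["IPv4"]`}))
}
```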

@caseydavenport
Member

caseydavenport commented Dec 3, 2024

On second thought.... maybe that's too paranoid. The Service struct already allows application devs to configure how their services work w.r.t IP families. This seems like a fair parallel.
