k3s
k3s copied to clipboard
k3s-io
NodePort does not accept IPv6 trafic
When NodePort Service is created it is listening on all the interfaces but does not accept IPv6 traffic.
When k3s service is down connections are rejected, but if ut is up then they stuck.
The upstream k/k community is still working on IPv4/IPv6 dual-stack support, and the current release only supports single stack.
It seems to bind interface correctly, but drops the packets later. No matter what it is not expe behavior and should be fixable quite easily, either by binding to v4 only or doing v6 in the proper way.
Not sure if this is fixed with https://github.com/rancher/k3s/pull/750 or some other network related issue. If it is an easy fix tho PRs are welcome! ;)
If I knew where to point you I would likely just fix it myself. Looking through the logs of your setup might help. From that linked PR there may be some upstream dependency of socat that is causing issues.
If you have some more info on what is happening that might help @majkrzak, such as steps to reproduce and host system information.
It isn't clear to me if this is an upstream k8s ipv6 issue or a problem with k3s specifically.
It also doesn't work when externalIPs are specified. In netstat is visible that only ipv4 was bounded.
kind: Service
spec:
type: NodePort
externalIPs:
- "111.111.111.111"
- "1111:::::1"
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https```
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 180 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 180 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions.
Hi. I don't know if this is still an issue, but in case of exposed services on DualStack Kuberenetes declares .spec.ipFamilyPolicy: SingleStack and it gives only the IPv4 service address; to force the service to be exposed on both IPv4 and IPv6 that policy should be configured as PreferDualStack or RequireDualStack.
This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 180 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions.
