kubermatic icon indicating copy to clipboard operation
kubermatic copied to clipboard

Published 20 hours ago verified publisher icon kubermatic

Test dual-stack on GCP - Test Release 2.21

Open rastislavs opened this issue 2 years ago • 0 comments

Test dual-stack user clusters on the GCP cloud provider platform.

  • refer to https://kubernetes.io/docs/concepts/services-networking/dual-stack/ for dual-stack feature description
  • refer to https://kubernetes.io/docs/tasks/network/validate-dual-stack/ for validation options

The testing should be performed for both Canal and Cilium CNI and with both Konnectivity enabled and disabled. The tests should be performed on all available operating systems.

Testing Procedure

  1. Deploy a dual-stack user cluster on the GCP cloud provider (either select "IPv4 and IPv6 (Dual Stack)" in KKP UI when creating a new cluster, or set cluster's spec.clusterNetwork.ipFamily to IPv4+IPv6 when using the KKP API)
  2. Make sure all pods are up
  3. Make sure logs of pods can be retrieved via kubecl logs
  4. Make sure pod metrics can be retrieved via kubectl top pods
  5. Validate that all non-host-network-namespace pods have both IPv4 and IPv6 IP addresses (kubectl describe pod), and pod-to-pod communication works for both IP families
  6. Create a dual-stack ClusterIP service targeting e.g. an nginx wbeserver pod and validate it has both IPv4 and IPv6 ClusterIP addresses allocated. Pods within cluster should be able to reach the backend via both IPv4 and IPv6 ClusterIP.
  7. Create a dual-stack NodePort service targeting e.g. an nginx wbeserver pod, and validate that the backend can be reached from outside of the cluster via <node-ip>:<nodeport> for both IPv4 and IPv6 node IP.
  8. Test that pods can reach the Internet via both IPv4 and IPv6 - you can use/inspect this manifest for that

Limitations

  • Due to the limitations of the cloud-provider, the following dual-stack features do not work ATM:
    • worker nodes do not have IPv6 IP addresses in k8s API (kubectl describe nodes), but have them physically (can be seen after SSHing to the node). Therefore pods in the host network namespace do not have IPv6 address either.
    • dual-stack services of type LoadBalancer are not yet supported, so this cannot be validated.
  • Some operating systems may not be well supported, in that case please document them in this issue. Ubuntu should always work.
  • CentOS + Cilium is a not supported combination in general ATM

Acceptance Criteria

The testing procedure is successful for all test cases at least for one operating system. Unsupported operating systems should be listed in this issue to generate the support matrix docs later.

rastislavs avatar Jul 27 '22 09:07 rastislavs