calico icon indicating copy to clipboard operation
calico copied to clipboard

Published 20 hours ago verified publisher icon projectcalico

Add support for WireGuard with IPv6

Open dseomn opened this issue 3 years ago • 6 comments

https://docs.projectcalico.org/security/encrypt-cluster-pod-traffic#before-you-begin says:

Note: WireGuard in Calico does not support IPv6 at this time. Also, encryption using WireGuard is not supported if CALICO_NETWORKING_BACKEND=none (e.g. managed Kubernetes platforms EKS, AKS and GKE).

It would be really nice if Calico supported WireGuard with IPv6, so I'm filing a feature request because I didn't see an existing one.

dseomn avatar Mar 27 '21 19:03 dseomn

@petercork FYI

lwr20 avatar Apr 06 '21 16:04 lwr20

One more 'vote' for this. We are running an on-prem IPv6 vanilla K8s so I can assist with testing, if needed.

inistor avatar Apr 27 '21 15:04 inistor

We'd be very much interested in this, as all clusters are IPv6 only in our environment

telmich avatar Jul 11 '21 12:07 telmich

AWS is offering IPv6 prefixes to nodes now, so this is becoming more testable/usable in cloud too.

lwr20 avatar Oct 26 '21 17:10 lwr20

Hey @coutinhop, I see you self-assigned this issue. Anything we can do to help?

steffann avatar Aug 03 '22 11:08 steffann

I think its very close to being done. Code was here if you wanted a peek: https://github.com/projectcalico/calico/pull/6178/

We have a "hashrelease" (basically a build from the tip of the v3.24 branch, including docs and manifests) here if you wanted to take it for a spin: https://2022-08-03-v3-24-navigator.docs.eng.tigera.net/

Obviously this build is not supported or ready for GA, but its what we're testing on internally on the way to that point.

lwr20 avatar Aug 03 '22 14:08 lwr20

This feature should be done! See https://projectcalico.docs.tigera.io/release-notes/ for more details

mgleung avatar Aug 23 '22 23:08 mgleung

Thanks!

steffann avatar Aug 23 '22 23:08 steffann