+1

If you are interested in IPv6 with Docker have a look at my PR moby/moby#8947 and feel free to test, review and upvote :)

Will do @MalteJ. Thanks

OK, the Docker IPv6 pull request is merged. Now it's time for k8s IPv6 ;)

Any ETA?

I don't think anyone is working on this.

GCP and AWS don't support IPv6 so I'd figure this is very-low priority stuff.

What part of IPv6 isn't working? I've been able to scrape targets over v6
juts fine.

For example:
target_groups:

• targets: ['[::1]:9090']

There are some strangeness with host:port specs in Go.
https://golang.org/src/net/ipsock.go#L107

On Tue, Mar 15, 2016 at 4:14 PM, André Martins notifications@github.com
wrote:

Any ETA?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#1443 (comment)

I'm sorry, too many mailing lists. I got this confused with the Prometheus
list. SIGH :)

On Tue, Mar 15, 2016 at 6:03 PM, Ben Kochie superq@gmail.com wrote:

What part of IPv6 isn't working? I've been able to scrape targets over v6
juts fine.

For example:
target_groups:

• targets: ['[::1]:9090']

There are some strangeness with host:port specs in Go.
https://golang.org/src/net/ipsock.go#L107

On Tue, Mar 15, 2016 at 4:14 PM, André Martins notifications@github.com
wrote:

Any ETA?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:

#1443 (comment)

Looks like IPv6 is available in Ohio now.

https://aws.amazon.com/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/

From @thockin via twitter on known things that would have to happen to make this work

• API: IP & CIDR fields
• iptables kubelet & proxy
• CNI & bridge driver
• grep and fix all places we have To4, ParseIP, ParseCIDR

Now available in 15 AWS regions:

https://aws.amazon.com/blogs/aws/aws-ipv6-update-global-support-spanning-15-regions-multiple-aws-services/

Before we start auditing and/or implementing the various IPv6 pieces outlined above, I think we need to come to an agreement on the following: Do we impose a restriction on the maximum IPv6 prefix length (i.e. minimum IPv6 subnet space) that is allocated to a node? My strong preference would be to limit the length of an IP prefix that is allocated to a node to be 64 bits of prefix or shorter (i.e. subnet space equivalent to a /64 space or larger). This would allow for 64 bits of interface ID, which is the defacto standard for IPv6. I believe that this is a reasonable restriction, but I haven't seen it stated/written anywhere in Kubernetes or CNI documentation. There are several reasons for imposing this restriction:

• Reasons outlined in RFC7421. Especially considering IPv6 features listed in Section 4.1 that depend on there being a 64-bit interface ID. Not sure if we'd need any particular feature listed here, but the code would be more future-proof if it allows for a 64-bit interface ID.
• To avoid collisions in the IPv6 Neighbor Discovery cache: See the discussion on this CNI pull request: hwaddr: Generate MAC address for IPv6-only pods containernetworking/cni#394.
• (Less important) To avoid crazy 128-bit arithmetic operations when selecting an IPv6 subnet for a node. For example, there's this line in the function newCIDRset() function in pkg/controller/node/cidr_set.go:
  maxCIDRs := 1 << unit32(subNetMaskSize - clusterMaskSize)
  This 32-bit operation currently works only for IPv4. For IPv6, this would have to be a 128-bit operation assuming that there was no restriction on subNetMaskSize (and Go language doesn't have a native 128-bit type). If subNetMaskSize is restricted to a max of 64, then a uint64 would work in place of the uint32.

Allocating a /64 space per node may sound wasteful, but it's very reasonable when you're starting with a /48 or a /50 cluster space. A /48 or /50 cluster space is reasonable esp. when it's private (a.k.a. ULA) address space.

Aside from this /64-vs-no-limit issue, some colleagues and I have started looking into the instances of To4(), ParseIP(), and ParseCIDR() in the kubernetes code, and how these might have to change for IPv6/dual-stack support. The not-so-good news is that there are lots of instances of where these are called. The good news is that 'net' library calls such as ParseIP() and ParseCIDR() are indifferent to whether they're operating on IPv6 or IPv4 addresses... they will do the right thing according to what they're passed. Similarly, the 'net' structures such as IP and IPNet work equally well for IPv4 and IPv6. Another help is that IPv4 addresses can be represented internally by their IPv4-mapped IPv6 address ::ffff:[ipv4-address] (see RFC4291, Sect. 2.5.5.2) using a 16-byte slice. In this way, a 'net' IP address can hold either:

• 4-byte slice, IPv4
• 16-byte slice, IPv4-mapped IPv6
• 16-byte slice, IPv6 address
  The 'net' functions/utilities can work with any of these... it can differentiate between these as needed. In fact, the To4() function can be used to distinguish between the last 2 bullets above.
  For existing calls to To4(), these can probably be replaced with a call to To16(), or just remove the call to IP4() and leave the IP unmodified.

Do we impose a restriction on the maximum IPv6 prefix length (i.e. minimum IPv6 subnet space) that is allocated to a node?

I believe we should.

My strong preference would be to limit the length of an IP prefix that is allocated to a node to be 64 bits of prefix or shorter (...)

You've outlined more details than I could think of. The arithmetic concerns are spot on!

Now, from the top of my head, I think most issues will happen with:

• kube-proxy and the kubelet, which expose a few flags related to IP addresses + deal a lot with IPTables - I'm left wondering how to properly manage virtual IPv6 addresses (for services);
• CNI plug-ins;
• Bootstrap new clusters & upgrade story (if we'll be supporting it) for existing IPv4 clusters:
  • how addresses are managed, i.e. persisted in storage;
  • move components from IPv4 to IPv6, e.g. controller-manager --cluster-cidr where this component stops managing IPv4 and now manages IPv6
  • A potential dependency on external DNS, since:
    • component configuration still depends on knowing IPs beforehand, e.g. kubelet --cluster-dns=10.100.0.10
    • or kubeadm join --discovery-token 123456.abcdefghij <one or more apiserver IPv6 addresses>

@leblancd Thanks for your IPv6 work on k8s !!
Any idea in which release Kube-proxy will start to handle IP6table for Services ? and specially Service/ExternalIPs ?

cc @sadasu

I have created a Kubernetes IPv6 deployment guide based on a forked release containing several outstanding PR's. The guide will be transitioned into upstream Kubernetes documentation for the 1.9 release. Feel free to use the guide in the interim for test/dev efforts. I would appreciate any feedback.

@valentin2105 : Services/externalIPs should work with required cherry picks. See the Kubernetes IPv6 deployment guide which refers to Kubernetes IPv6 Version v1.9.0-alpha.0.ipv6.0. I would appreciate any feedback.

@leblancd thank you very much for putting this together!

@lachie83 : YW on behalf of the IPv6 working group: @danehans, @pmichali, @rpothier, @aanm, and the sig-network team.

I wrote this post if it can help people to Deploy IPv6 in Kubernetes // https://opsnotice.xyz/kubernetes-ipv6-only/

What's needed to get this implemented. We would love to see IPv6 at Scalefastr as that works really well for our use case.

IPv6 is awesome when you have a whole /64 and plenty of IPs to work with on the host machine.

@burtonator IPv6 will be added as an alpha feature in the 1.9 release. You can use kubeadm to deploy an IPv6 Kubernetes cluster by specifying an IPv6 address for --apiserver-advertise-address and using brackets around the IPv6 master address for kubeadm join --token <token> [<master-ip>]:<master-port>. The above information and other specifics will be part of the 1.9 release documentation. Prior to 1.9, @leblancd create the kube-v6 project to test Kubernetes with IPv6.

I think be able to disable ClusterIP is an important point about IPv6 :

#57069

@burtonator What CNI network plugin do you use?

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

This issue has been used to follow support for IPv6-only clusters (Alpha support in Kubernetes 1.9)
For dual-stack support, new issues have been filed and a design document has been proposed:
#62822
kubernetes/enhancements#563
kubernetes/community#2254

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close