We are about to start setting up a new kubernetes cluster on bare metal at our own datacenter. The documentation for the k8s moduls and services is great, however I was not able to find any comprehensive top view documentation on the components necessary to meet our requirements:
Pods need to be reachable via IPv4 and IPv6 Pods need to be able to move between hosts and still be reachable on both protocols Pods need to reach outside resources through IPv4 and IPv6 I know that one can use MetalLb for ingress traffic management. But would that also work when a pod tries to reach an external v4/v6 resource?
What would be necessary, overall, to satisfy the requirements?
I used Kubernetes 1.21 with Calico for networking behind my BGP router/firewall (Juniper SRX) for external connectivity. Calico can be combined with metallb where metallb does the orchestration and Calico does the BGP routing. See https://docs.projectcalico.org/networking/advertise-service-ips#advertise-service-load-balancer-ip-addresses for more details on that.
Add nginx for ingress and cert-manager for certificates, and you should have everything you need.
I did notice that the load balancer doesn't handle dual stack, but you can easily work around that by creating two separate ones: one single stack IPv6 and one single stack IPv4.
I'm using Kubernetes 1.21 with Calico and BGP without metalb.
Using traefik for ingress and cert-manager for certificates.
The Traefik load balancer does support dual stack, at least without metalb, but requires you to set
ipFamilyPolicy
on the service toPreferDualStack
, and have services cidr configured with IPv6 cidr (which should be done by default on kubeadm v1.21+). I had to use RequireDualStack with k3s for it to accept IPv6 connections.https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services https://kubernetes.io/docs/tasks/network/validate-dual-stack/