Enable provisioning of external L4 service LoadBalancer with IPv6 #65675
Comments
k8s-ci-robot
added
kind/feature
|
GCP supports IPv6 for only SSL/TCP Proxy LBs - not for the network LBs that are created by Kubernetes for services of type LoadBalancer. An alternative that works today is using ingress and providing an IPv6 address. |
|
@nicksardo Thanks, I'm new to GCP so the terminology is still settling in. So the load balancer that gets generated by the K8s API is sort of a fourth, non-UI-creatable load balancer type? It operates as a TCP LB but it's with a more limited feature set than the TCP LB I could create through the console? Looks like you're a GCP engineer; any thoughts on whether this is roadmapped or not, or is IPv6 just not on the table for TCP? |
|
All LB types are capable of being manually created via GCP Console, API, and CLI. The distinction is that K8s creates the type without a proxy (connection termination) (https://cloud.google.com/load-balancing/docs/network/setting-up-network). The proxy type is created with different GCP API resources (https://cloud.google.com/load-balancing/docs/tcp/setting-up-tcp) and not supported by the K8s service controller. I wouldn't call the former a limited feature set; terminating the connection is a polarizing decision as you lose the source information unless you enable the proxy header protocol (see link) and the app can consume it. I can't speak to a roadmap, sorry. |
|
@nicksardo Thanks and understood. So is there any configuration inside GCP that would get to the desired result of an IPv6 address in front of a K8s service with a network LB? I poked around a bit initially to see if I could, say, put a Proxy LB with the other LB behind it as a backend, but that seems 1) impossible and 2) too cute. |
How would one provide an IPv6 address to the ingress? Is it a manual step done via API/dashboard in GCP? |
|
This issue is also relevant here: kubernetes/ingress-gce#87 |
|
@mofirouz My understanding is that it is just not possible, at the moment. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
thockin
added
sig/network
|
There is not a generic way to do this. Some clouds support IPv6 and some do not. GCP does not support IPv6 for the NetworkLB product, which is what backs kube Services. For clouds that do support IPv6, there needs to be a cloud-specific way to express what you want (e.g. an annotation) until dual-stack support is done. Getting an IPv6 address for an Ingress should be possible on GCP, but that is not what this is about. I don't think there's an annotation for that one yet, but it's at least possible. |
|
Google supports IPv6 for L4 loadbalancers now. Can we reopen this? Kubernetes lets me specify an IPv6 |
|
@Arachnid thockins last comment is still valid. Kube services on GCP uses the Network Load Balancer, which does not support IPv6. |
Is this a BUG REPORT or FEATURE REQUEST?:
/kind feature
/sig gcp
What happened:
External load balancers created via a service record provision only an IPv4 address. According to the GCP documentation, load balancers may be allocated an IPv6 address, however it appears these instructions only apply to GCE configurations made manually through the console or CLI, not those created and managed by the Kubernetes engine.
What you expected to happen:
IPv6 addresses may be attached to the external load balancer.
How to reproduce it (as minimally and precisely as possible):
Create a service with
spec.type: LoadBalancer. An ephemeral IPv4 address will be allocated (which can also be promoted to a static address.) There is no pathway to creating an IPv6 address.Anything else we need to know?:
Related code seems to be at https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/gce/gce_loadbalancer_external.go
Environment:
kubectl version):v1.10.2-gke.3The text was updated successfully, but these errors were encountered: