Score:2

What's necessary for a bare metal dual stack kubernetes setup?

ch flag

We are about to start setting up a new kubernetes cluster on bare metal at our own datacenter. The documentation for the k8s moduls and services is great, however I was not able to find any comprehensive top view documentation on the components necessary to meet our requirements:

Pods need to be reachable via IPv4 and IPv6 Pods need to be able to move between hosts and still be reachable on both protocols Pods need to reach outside resources through IPv4 and IPv6 I know that one can use MetalLb for ingress traffic management. But would that also work when a pod tries to reach an external v4/v6 resource?

What would be necessary, overall, to satisfy the requirements?

Score:5
kr flag

I used Kubernetes 1.21 with Calico for networking behind my BGP router/firewall (Juniper SRX) for external connectivity. Calico can be combined with metallb where metallb does the orchestration and Calico does the BGP routing. See https://docs.projectcalico.org/networking/advertise-service-ips#advertise-service-load-balancer-ip-addresses for more details on that.

Add nginx for ingress and cert-manager for certificates, and you should have everything you need.

I did notice that the load balancer doesn't handle dual stack, but you can easily work around that by creating two separate ones: one single stack IPv6 and one single stack IPv4.

Score:2
gb flag

I'm using Kubernetes 1.21 with Calico and BGP without metalb.

Using traefik for ingress and cert-manager for certificates.

The Traefik load balancer does support dual stack, at least without metalb, but requires you to set ipFamilyPolicy on the service to PreferDualStack, and have services cidr configured with IPv6 cidr (which should be done by default on kubeadm v1.21+). I had to use RequireDualStack with k3s for it to accept IPv6 connections.

https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services https://kubernetes.io/docs/tasks/network/validate-dual-stack/

SYN avatar
hk flag
SYN
Note that OP is asking about bare-metal. I'm not sure how you do LoadBalancer services, without Metal-LB -- your cloud-provider supports it, hooray. For Metal-LB, there are still pull requests that need to be merged: https://github.com/metallb/metallb/pull/727
gb flag
@SYN This is on bare-metal. There is no absolute need for metalb with Calico and BGP and no encapsulation.
SYN avatar
hk flag
SYN
OP asks about it though
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.