From dd0f61d75d1661145f2938558a6f933d6dc6ba27 Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Wed, 6 Nov 2019 10:19:47 -0800 Subject: [PATCH 1/9] Add placehold doc updates for dualstack in 1.17 Signed-off-by: Lachlan Evenson --- .../en/docs/concepts/services-networking/dual-stack.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/content/en/docs/concepts/services-networking/dual-stack.md b/content/en/docs/concepts/services-networking/dual-stack.md index 359c8fbf8f3e2..87a80a89c5db0 100644 --- a/content/en/docs/concepts/services-networking/dual-stack.md +++ b/content/en/docs/concepts/services-networking/dual-stack.md @@ -58,6 +58,13 @@ To enable IPv4/IPv6 dual-stack, enable the `IPv6DualStack` [feature gate](/docs/ * `--cluster-cidrs=,` * `--feature-gates="IPv6DualStack=true"` +### New Additions (for follow up) + * Add new flags introduced in: + * https://github.com/kubernetes/kubernetes/pull/79993 + * https://github.com/kubernetes/kubernetes/pull/82462 + * https://github.com/kubernetes/kubernetes/pull/84089 + * https://github.com/kubernetes/kubernetes/pull/83123 + {{< caution >}} If you specify an IPv6 address block larger than a /24 via `--cluster-cidr` on the command line, that assignment will fail. {{< /caution >}} @@ -102,6 +109,8 @@ The use of publicly routable and non-publicly routable IPv6 address blocks is ac * Kubenet forces IPv4,IPv6 positional reporting of IPs (--cluster-cidr) * Dual-stack networking does not function if the `EndpointSlice` feature gate is enabled. + * Update Known Issues based on code merged into 1.17 + {{% /capture %}} {{% capture whatsnext %}} From b41e8eb18c5752aba062211c5f20da74ffff1d3e Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 15 Nov 2019 20:46:11 -0800 Subject: [PATCH 2/9] Add Downward API and /etc/hosts Pod IP validation Signed-off-by: Lachlan Evenson --- .../docs/tasks/network/validate-dual-stack.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/content/en/docs/tasks/network/validate-dual-stack.md b/content/en/docs/tasks/network/validate-dual-stack.md index 52075ee4a5ac8..6a18a097b58ca 100644 --- a/content/en/docs/tasks/network/validate-dual-stack.md +++ b/content/en/docs/tasks/network/validate-dual-stack.md @@ -58,6 +58,41 @@ kubectl get pods pod01 -o go-template --template='{{range .status.podIPs}}{{prin a00:100::4 ``` +You can also validate Pod IPs using the Downward API using the `status.podIP` fieldPath. The following snippet demonstrates how you can expose the Pod IPs via an environment variable called `MY_POD_IPS` within the container runtime. + +``` + env: + - name: MY_POD_IPS + valueFrom: + fieldRef: + fieldPath: status.podIPs +``` + +The following command prints the value of the `MY_POD_IPS` environment variable from within the container. The value is a comma separated list that corresponds to the Pod's IPv4 and IPv6 addresses. +```shell +kubectl exec -it pod01 -- env | grep MY_POD_IPS +``` +``` +MY_POD_IPS=10.244.0.6,fd00::6 +``` + +The Pod's IP addresses will also be written to `/etc/hosts` within the container. The following command executes a cat on `/etc/hosts` on a dual stack Pod. From the output you can verify both the IPv4 and IPv6 IP address for the Pod. + +```shell +kubectl exec -it pod01 -- cat /etc/hosts +``` +``` +# Kubernetes-managed hosts file. +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +fe00::0 ip6-localnet +fe00::0 ip6-mcastprefix +fe00::1 ip6-allnodes +fe00::2 ip6-allrouters +10.244.0.6 nginx-8bff7fdb7-xdzj6 +fd00::6 nginx-8bff7fdb7-xdzj6 +``` + ## Validate Services Create the following Service without the `ipFamily` field set. When this field is not set, the Service gets an IP from the first configured range via `--service-cluster-ip-range` flag on the kube-controller-manager. From 91f8f1a392619dde639fdc8e5b5f793b1b5349ca Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 15 Nov 2019 20:47:30 -0800 Subject: [PATCH 3/9] remove addressed known issue via k/k pr 85246 Signed-off-by: Lachlan Evenson --- content/en/docs/concepts/services-networking/dual-stack.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/content/en/docs/concepts/services-networking/dual-stack.md b/content/en/docs/concepts/services-networking/dual-stack.md index 87a80a89c5db0..f02f73cb061ad 100644 --- a/content/en/docs/concepts/services-networking/dual-stack.md +++ b/content/en/docs/concepts/services-networking/dual-stack.md @@ -107,10 +107,7 @@ The use of publicly routable and non-publicly routable IPv6 address blocks is ac * IPv6 network block assignment uses the default IPv4 CIDR block size (/24) * Kubenet forces IPv4,IPv6 positional reporting of IPs (--cluster-cidr) - * Dual-stack networking does not function if the `EndpointSlice` feature gate is enabled. - - * Update Known Issues based on code merged into 1.17 - + {{% /capture %}} {{% capture whatsnext %}} From 01b5633fc4635c70d4a5f175f32f6d615e0e8d2c Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 15 Nov 2019 20:51:11 -0800 Subject: [PATCH 4/9] Remove known issue and add flag as part of k/k 79993 Signed-off-by: Lachlan Evenson --- content/en/docs/concepts/services-networking/dual-stack.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/concepts/services-networking/dual-stack.md b/content/en/docs/concepts/services-networking/dual-stack.md index f02f73cb061ad..5f911e2731830 100644 --- a/content/en/docs/concepts/services-networking/dual-stack.md +++ b/content/en/docs/concepts/services-networking/dual-stack.md @@ -51,6 +51,7 @@ To enable IPv4/IPv6 dual-stack, enable the `IPv6DualStack` [feature gate](/docs/ * `--feature-gates="IPv6DualStack=true"` * `--cluster-cidr=,` eg. `--cluster-cidr=10.244.0.0/16,fc00::/24` * `--service-cluster-ip-range=,` + * `--node-cidr-mask-size-ipv4|--node-cidr-mask-size-ipv6` defaults to /24 for IPv4 and /64 for IPv6 * kubelet: * `--feature-gates="IPv6DualStack=true"` * kube-proxy: @@ -105,9 +106,8 @@ The use of publicly routable and non-publicly routable IPv6 address blocks is ac ## Known Issues - * IPv6 network block assignment uses the default IPv4 CIDR block size (/24) * Kubenet forces IPv4,IPv6 positional reporting of IPs (--cluster-cidr) - + {{% /capture %}} {{% capture whatsnext %}} From 1e57d63ab1e4f17b18c5994ab63ddabc7cd6a573 Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 15 Nov 2019 20:52:27 -0800 Subject: [PATCH 5/9] remove follow up placeholders Signed-off-by: Lachlan Evenson --- content/en/docs/concepts/services-networking/dual-stack.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/content/en/docs/concepts/services-networking/dual-stack.md b/content/en/docs/concepts/services-networking/dual-stack.md index 5f911e2731830..09ac2323cd3cf 100644 --- a/content/en/docs/concepts/services-networking/dual-stack.md +++ b/content/en/docs/concepts/services-networking/dual-stack.md @@ -59,13 +59,6 @@ To enable IPv4/IPv6 dual-stack, enable the `IPv6DualStack` [feature gate](/docs/ * `--cluster-cidrs=,` * `--feature-gates="IPv6DualStack=true"` -### New Additions (for follow up) - * Add new flags introduced in: - * https://github.com/kubernetes/kubernetes/pull/79993 - * https://github.com/kubernetes/kubernetes/pull/82462 - * https://github.com/kubernetes/kubernetes/pull/84089 - * https://github.com/kubernetes/kubernetes/pull/83123 - {{< caution >}} If you specify an IPv6 address block larger than a /24 via `--cluster-cidr` on the command line, that assignment will fail. {{< /caution >}} From 88abfd80116b61bdc2b620044a31170b2d5d82ee Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 15 Nov 2019 20:54:20 -0800 Subject: [PATCH 6/9] Update verbiage Signed-off-by: Lachlan Evenson --- content/en/docs/tasks/network/validate-dual-stack.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/tasks/network/validate-dual-stack.md b/content/en/docs/tasks/network/validate-dual-stack.md index 6a18a097b58ca..13c4fcf829a13 100644 --- a/content/en/docs/tasks/network/validate-dual-stack.md +++ b/content/en/docs/tasks/network/validate-dual-stack.md @@ -58,7 +58,7 @@ kubectl get pods pod01 -o go-template --template='{{range .status.podIPs}}{{prin a00:100::4 ``` -You can also validate Pod IPs using the Downward API using the `status.podIP` fieldPath. The following snippet demonstrates how you can expose the Pod IPs via an environment variable called `MY_POD_IPS` within the container runtime. +You can also validate Pod IPs using the Downward API via the `status.podIP` fieldPath. The following snippet demonstrates how you can expose the Pod IPs via an environment variable called `MY_POD_IPS` within a container. ``` env: @@ -68,7 +68,7 @@ You can also validate Pod IPs using the Downward API using the `status.podIP` fi fieldPath: status.podIPs ``` -The following command prints the value of the `MY_POD_IPS` environment variable from within the container. The value is a comma separated list that corresponds to the Pod's IPv4 and IPv6 addresses. +The following command prints the value of the `MY_POD_IPS` environment variable from within a container. The value is a comma separated list that corresponds to the Pod's IPv4 and IPv6 addresses. ```shell kubectl exec -it pod01 -- env | grep MY_POD_IPS ``` @@ -76,7 +76,7 @@ kubectl exec -it pod01 -- env | grep MY_POD_IPS MY_POD_IPS=10.244.0.6,fd00::6 ``` -The Pod's IP addresses will also be written to `/etc/hosts` within the container. The following command executes a cat on `/etc/hosts` on a dual stack Pod. From the output you can verify both the IPv4 and IPv6 IP address for the Pod. +The Pod's IP addresses will also be written to `/etc/hosts` within a container. The following command executes a cat on `/etc/hosts` on a dual stack Pod. From the output you can verify both the IPv4 and IPv6 IP address for the Pod. ```shell kubectl exec -it pod01 -- cat /etc/hosts From 9b02b93acb212631c886c3bf1bc7e2c76a46d7b1 Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 15 Nov 2019 20:56:20 -0800 Subject: [PATCH 7/9] Make IP addressing consistent throughout the task Signed-off-by: Lachlan Evenson --- content/en/docs/tasks/network/validate-dual-stack.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/tasks/network/validate-dual-stack.md b/content/en/docs/tasks/network/validate-dual-stack.md index 13c4fcf829a13..9ba4749519cb3 100644 --- a/content/en/docs/tasks/network/validate-dual-stack.md +++ b/content/en/docs/tasks/network/validate-dual-stack.md @@ -73,7 +73,7 @@ The following command prints the value of the `MY_POD_IPS` environment variable kubectl exec -it pod01 -- env | grep MY_POD_IPS ``` ``` -MY_POD_IPS=10.244.0.6,fd00::6 +MY_POD_IPS=10.244.1.4,a00:100::4 ``` The Pod's IP addresses will also be written to `/etc/hosts` within a container. The following command executes a cat on `/etc/hosts` on a dual stack Pod. From the output you can verify both the IPv4 and IPv6 IP address for the Pod. @@ -89,8 +89,8 @@ fe00::0 ip6-localnet fe00::0 ip6-mcastprefix fe00::1 ip6-allnodes fe00::2 ip6-allrouters -10.244.0.6 nginx-8bff7fdb7-xdzj6 -fd00::6 nginx-8bff7fdb7-xdzj6 +10.244.1.4 pod01 +a00:100::4 pod01 ``` ## Validate Services From 4d303fe2bf3ae48284dca7040f2ee8ee12e77c6c Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 15 Nov 2019 21:49:46 -0800 Subject: [PATCH 8/9] Update to status.podIPs Signed-off-by: Lachlan Evenson --- content/en/docs/tasks/network/validate-dual-stack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/network/validate-dual-stack.md b/content/en/docs/tasks/network/validate-dual-stack.md index 9ba4749519cb3..4a7711c7162cb 100644 --- a/content/en/docs/tasks/network/validate-dual-stack.md +++ b/content/en/docs/tasks/network/validate-dual-stack.md @@ -58,7 +58,7 @@ kubectl get pods pod01 -o go-template --template='{{range .status.podIPs}}{{prin a00:100::4 ``` -You can also validate Pod IPs using the Downward API via the `status.podIP` fieldPath. The following snippet demonstrates how you can expose the Pod IPs via an environment variable called `MY_POD_IPS` within a container. +You can also validate Pod IPs using the Downward API via the `status.podIPs` fieldPath. The following snippet demonstrates how you can expose the Pod IPs via an environment variable called `MY_POD_IPS` within a container. ``` env: From f62820aef1c69821628bc4bb92836bf2e3f64226 Mon Sep 17 00:00:00 2001 From: Lachlan Evenson Date: Fri, 22 Nov 2019 10:36:02 -0800 Subject: [PATCH 9/9] Update content/en/docs/tasks/network/validate-dual-stack.md Use set instead of env Co-Authored-By: Khaled Henidak (Kal) --- content/en/docs/tasks/network/validate-dual-stack.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/en/docs/tasks/network/validate-dual-stack.md b/content/en/docs/tasks/network/validate-dual-stack.md index 4a7711c7162cb..7014b303a48d6 100644 --- a/content/en/docs/tasks/network/validate-dual-stack.md +++ b/content/en/docs/tasks/network/validate-dual-stack.md @@ -70,7 +70,7 @@ You can also validate Pod IPs using the Downward API via the `status.podIPs` fie The following command prints the value of the `MY_POD_IPS` environment variable from within a container. The value is a comma separated list that corresponds to the Pod's IPv4 and IPv6 addresses. ```shell -kubectl exec -it pod01 -- env | grep MY_POD_IPS +kubectl exec -it pod01 -- set | grep MY_POD_IPS ``` ``` MY_POD_IPS=10.244.1.4,a00:100::4 @@ -158,4 +158,3 @@ my-service ClusterIP fe80:20d::d06b 2001:db8:f100:4002::9d37:c0d7 80:318 {{% /capture %}} -