diff options
| author | Tom Proctor <tomhjp@users.noreply.github.com> | 2024-07-05 12:21:48 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-05 12:21:48 +0100 |
| commit | 01a7726cf7306813680eaeda5a29fee03ef1cd5b (patch) | |
| tree | 1a820a94717bd286ca15b67cded73e2ed3988832 /control/controlknobs | |
| parent | 309afa53cfd7493f9d82b87aeb52d253184ba04f (diff) | |
| download | tailscale-01a7726cf7306813680eaeda5a29fee03ef1cd5b.tar.xz tailscale-01a7726cf7306813680eaeda5a29fee03ef1cd5b.zip | |
cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies (#12577)
cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies
Don't skip installing egress forwarding rules for IPv6 (as long as the host
supports IPv6), and set headless services `ipFamilyPolicy` to
`PreferDualStack` to optionally enable both IP families when possible. Note
that even with `PreferDualStack` set, testing a dual-stack GKE cluster with
the default DNS setup of kube-dns did not correctly set both A and
AAAA records for the headless service, and instead only did so when
switching the cluster DNS to Cloud DNS. For both IPv4 and IPv6 to work
simultaneously in a dual-stack cluster, we require headless services to
return both A and AAAA records.
If the host doesn't support IPv6 but the FQDN specified only has IPv6
addresses available, containerboot will exit with error code 1 and an
error message because there is no viable egress route.
Fixes #12215
Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
Diffstat (limited to 'control/controlknobs')
0 files changed, 0 insertions, 0 deletions