-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubernetes operator: ingress proxies don't work in clusters with IPv6 Service IP range #12156
Labels
Comments
irbekrm
added a commit
that referenced
this issue
May 16, 2024
…dress is being created for an IPv6 backend(s) Updates #12156 Signed-off-by: Irbe Krumina <[email protected]>
irbekrm
added a commit
that referenced
this issue
May 16, 2024
…dress is being created for an IPv6 backend(s) (#12159) Updates #12156 Signed-off-by: Irbe Krumina <[email protected]>
Workaround is now documented in https://tailscale.com/kb/1236/kubernetes-operator#ipv6-support |
Mmx233
pushed a commit
to MultiMx/tailscale
that referenced
this issue
May 20, 2024
…dress is being created for an IPv6 backend(s) (tailscale#12159) Updates tailscale#12156 Signed-off-by: Irbe Krumina <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the issue?
For the ingress proxies we set up iptables/nftables rules to forward traffic received on proxy's tailnet IP to the cluster backend Service's Cluster IP address.
A proxy gets assigned both a tailnet IPv4 and IPv6 tailnet addresses. We set the proxy forwarding rules for the IP address family of the backend Service only (see here).
This means that if the backend Service has an IPv6 address only the traffic received on proxy's IPv4 tailnet address is not being forwarded.
Steps to reproduce
Are there any recent changes that introduced the issue?
No- this would affect operator ingress proxies at any Tailscale version
The text was updated successfully, but these errors were encountered: