IPv6-only support / improvements #9372
Comments
This one I'm confused a bit, as the address is assigned to the host network. Or you mean that CoreDNS with pod networking doesn't have IPv4 address at all, so it can't reach out?
Sorry, should have mentioned that indeed my PodCIDR is IPv6 only. So the pods only have an IPv6 address assigned. My cluster is basically IPv6 single stack instead of dual-stack.
Something else that might be of interest is that I'm using the bridge CNI plugin that comes bundled with Talos.
Since I'm using a GUA IPv6 prefix the pods can directly access the internet without any need for NAT / masquerading / etc. So from a networking perspective this is I guess the simplest setup that you can get. Also, since I have no firewall configured (yet) I can actually reach the pods directly from any other server in the world. Sidenote: to generate the above CNI configuration I had to use a It would be nice if we could write files to
I’d like to add to this excellent article that ghcr.io doesn’t resolve in an IPv6-only environment either. Instead of relying on pull-through registries, I’ve been using the public NAT64 service provided by Kasper, which simply requires configuring DNS. REM: I could not figure out how to remove the default
Bug Report
Description
DNS not working when Talos is installed on a machine in an IPv6-only network.
I needed to do multiple customizations and workarounds which I think should not be needed.
Some things that I noticed:
Default nameservers
Issue:
The default nameservers are 1.1.1.1 and 8.8.8.8, which cannot be reached from IPv6.
Workaround:
Configure an IPv6 nameserver using the dashboard (requires a local screen/keyboard or BMC).
Alternatively configure a DNS server using the ip=:::::::<dns0-ip>:<dns1-ip>:<ntp0-ip> kernel arg.
Better solution:
Talos should use the IPv6 equivalent when no IPv4 address is configured on any interface.
Nameservers announced by ND are ignored
Issue:
DNS servers that are announced via ND (SLAAC setup) are currently ignored by Talos.
Workaround:
Override DNS servers using machine configuration.
Better solution:
Talos should use the announced DNS servers from ND similar to how it does for DNS servers announced via IPv4 DHCP.
IPv6 endpoint for Image Factory
Issue:
Talos Image Factory (factory.talos.dev) has no IPv6 addresses configured.
Workaround:
Run a pull-through registry on a dual-stack server.
Better solution:
Already tracked by siderolabs/image-factory#60
DNS forwarding to host
Issue:
DNS requests are forwarded to the host using a hardcoded 169.254.116.108 IPv4 address, but there is no matching IPv4 route in an IPv6-only environment.
Workaround:
Disable DNS forwarding.
Better solution:
Also use a hardcoded IPv6 address as a fallback.
Logs
N/A
Output of
talosctl get routes | grep -v veth
Environment
metal
Tasks
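An address-family check covering the two IPv4-only findings in the report above (the default nameservers and the hardcoded forwarder address), as an added example that is not Talos code and not part of the original report. The function names, the sample host addresses and the use of Cloudflare's and Google's public IPv6 resolver addresses as the "IPv6 equivalent" are assumptions; reachability is approximated by address family, not by a route lookup.

```go
package main

import (
	"fmt"
	"net/netip"
)

// IPv4 pair as named in the issue; IPv6 pair is the same operators' public service (assumption).
var (
	defaultV4 = []string{"1.1.1.1", "8.8.8.8"}
	defaultV6 = []string{"2606:4700:4700::1111", "2001:4860:4860::8888"}
)

// hasFamily: does any interface prefix carry a routable (non-loopback, non-link-local) address of the family?
func hasFamily(ifaceAddrs []string, v4 bool) bool {
	for _, s := range ifaceAddrs {
		p, err := netip.ParsePrefix(s) // malformed entries are ignored
		a := p.Addr().Unmap()
		if err == nil && !a.IsLoopback() && !a.IsLinkLocalUnicast() && a.Is4() == v4 {
			return true
		}
	}
	return false
}

// Unreachable lists servers whose family has no usable source address on the host (or that do not parse).
func Unreachable(ifaceAddrs, servers []string) []string {
	var out []string
	for _, s := range servers {
		a, err := netip.ParseAddr(s)
		if err != nil || !hasFamily(ifaceAddrs, a.Unmap().Is4()) {
			out = append(out, s)
		}
	}
	return out
}

// DefaultResolvers picks the IPv6 defaults only when the host has IPv6 but no IPv4, as the issue proposes.
func DefaultResolvers(ifaceAddrs []string) []string {
	if !hasFamily(ifaceAddrs, true) && hasFamily(ifaceAddrs, false) {
		return defaultV6
	}
	return defaultV4
}

func main() {
	host := []string{"::1/128", "fe80::1/64", "2001:db8:10::5/64"} // constructed IPv6-only host
	fmt.Println(Unreachable(host, append(defaultV4, "169.254.116.108")), DefaultResolvers(host))
}
```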