This is not a question about tunnelling, although that may be part of a solution.
With public cloud providers it's trivial to request a load balancer due to providers owning large class A/B/C public IPv4 blocks. However, whilst it's trivial to own an IPv6 block, it's non-trivial to issue load balancer addresses because you can't assume incoming traffic supports IPv6. How to bridge this gap?
Trying to achieve: Given limited IPv4 public addresses (4), instead generate layer 7 HTTP load balancer A records, which map to IPv4 addresses. These IPv4 addresses then route to in-cluster IPv6 cluster addresses. Perhaps SNI is needed here?
Constraints: Can't assume that ingress traffic supports IPv6, so (if possible) SNAT is needed to rewrite IPv6 -> IPv6 and back again (is this possible?), iptables, and conntrack for connection tracking?
E.g. ingress:

    Load balancer A records       Public IPv4 address   <mapping (not tunnelling)>   Public IPv6 address range
    lb[1-n].example.com  ------>  192.0.2.0/24          ---->                        2001:DB8::/32

E.g. egress:

    IPv6 address range        Public IPv4 address
    2001:DB8::/32  ----->     192.0.2.0/24  ---->  source IP IPv4 or IPv6
https://sookocheff.com/post/kubernetes/understanding-kubernetes-networking-model/
https://kubernetes.io/docs/concepts/services-networking/dual-stack/
netfilter
https://metallb.universe.tf/
https://linux.die.net/man/8/ip6tables
https://community.hetzner.com/tutorials/install-kubernetes-cluster