Running kops version 1.24.1 and kubectl version 1.24.2 on AWS in a dual-stack enabled VPC, I use the following command to create the cluster:

kops create cluster --cloud aws \
                --vpc $VPC_ID \
                --node-count 2 \
                --zones us-east-1a,us-east-1b \
                --master-zones us-east-1a,us-east-1b,us-east-1c \
                --node-size $NODE_SIZE  \
                --master-count 3 \
                --master-size $MASTER_SIZE  \
                --networking calico \
                --ssh-public-key ~/.ssh/id_rsa.pub \
                --cloud-labels  "Cost=NewDevKubernetesCluster" \
                --ipv6

After the cluster is created and validated, I'm trying to create an nginx service with a dual-stack load balancer. The nginx service creation fails with the following error:

The Service "svc-nginx" is invalid: spec.ipFamilyPolicy: Invalid value: "RequireDualStack": this cluster is not configured for dual-stack services

Here's my cluster manifest (with omitted identifiable information):

apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
  creationTimestamp: "2022-08-30T17:07:55Z"
  generation: 1
  name: devcluster.dev.domain.name
spec:
  api:
    dns: {}
  authorization:
    rbac: {}
  channel: stable
  cloudControllerManager: {}
  cloudLabels:
    Cost: NewDevKubernetesCluster
  cloudProvider: aws
  configBase: s3://devcluster-kops-state-store/devcluster.dev.domain.name
  etcdClusters:
  - cpuRequest: 200m
    etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-us-east-1a
      name: a
    - encryptedVolume: true
      instanceGroup: master-us-east-1b
      name: b
    - encryptedVolume: true
      instanceGroup: master-us-east-1c
      name: c
    memoryRequest: 100Mi
    name: main
  - cpuRequest: 100m
    etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-us-east-1a
      name: a
    - encryptedVolume: true
      instanceGroup: master-us-east-1b
      name: b
    - encryptedVolume: true
      instanceGroup: master-us-east-1c
      name: c
    memoryRequest: 100Mi
    name: events
  iam:
    allowContainerRegistry: true
    legacy: false
  kubelet:
    anonymousAuth: false
    authenticationTokenWebhook: true
    authorizationMode: Webhook
  kubernetesApiAccess:
  - 0.0.0.0/0
  - ::/0
  kubernetesVersion: 1.24.4
  masterInternalName: api.internal.devcluster.dev.domain.name
  masterPublicName: api.devcluster.dev.domain.name
  networkCIDR: 172.30.0.0/16
  networkID: vpc-ID
  networking:
    calico: {}
  nonMasqueradeCIDR: ::/0
  sshAccess:
  - 0.0.0.0/0
  - ::/0
  subnets:
  - cidr: 172.30.32.0/19
    ipv6CIDR: 2600:a:b:c::/64
    name: us-east-1a
    type: Public
    zone: us-east-1a
  - cidr: 172.30.64.0/19
    ipv6CIDR: 2600:a:b:d::/64
    name: us-east-1b
    type: Public
    zone: us-east-1b
  - cidr: 172.30.96.0/19
    ipv6CIDR: 2600:a:b:e::/64
    name: us-east-1c
    type: Public
    zone: us-east-1c
  topology:
    dns:
      type: Public
    masters: public
    nodes: public

I'm not sure why the cluster is being created with IPv6-only support.

igalsc
Based on the kops team, there's a need to use https://kops.sigs.k8s.io/addons/#aws-load-balancer-controller and then an NLB with the dualstack annotation. Still looking into it. – igalsc Aug 31 '22 at 17:29

0 Answers