
Comments (13)

howardjohn commented on July 18, 2024 1

I guess we need some logic to bind on 0.0.0.0 instead of [::] in those cases?

from ztunnel.

bleggett commented on July 18, 2024 1

Yeah the bind has been v6-default in ztunnel for ages - there was some reason we picked that, I don't recall what it was.

I think it has more to do with whether someone is using a kernel with v6 support explicitly compiled out - even in V4-only clusters Linux is quite happy to locally bind V6 addresses, and we don't really care if they're routable outside the pod.

We can probably offer a back compat flag for people that aren't running v6 capable kernel networking stacks.

from ztunnel.

howardjohn commented on July 18, 2024 1

#1163 should fix this in the next release.

from ztunnel.

howardjohn commented on July 18, 2024

cc @bleggett and @leosarra

from ztunnel.

howardjohn commented on July 18, 2024

Is it easy to detect if they don't have IPv6 compiled in? If so, we could just automate it.

from ztunnel.

bleggett commented on July 18, 2024

> Is it easy to detect if they don't have ipv6 compiled in? if so we could just automate it

dunno, but that's an option yep.

We could also do an autofallback like we do for admin privs + use-original-src

from ztunnel.

leosarra commented on July 18, 2024

I don't know how easily we can reliably check if the IPv6 module is loaded.
If that cannot be done, we could also expose the Kubernetes pod IPs field to the container.
If only IPv4 addresses are specified (single-stack IPv4 cluster), we use 0.0.0.0 as the unspecified address; otherwise, we use ::. Though, this would end up using 0.0.0.0 also for IPv4-only clusters where the IPv6 module is enabled.

from ztunnel.

aek-dsk commented on July 18, 2024

Thank you all for the responses.

IMHO: A back-compat flag configurable via Helm as a pragmatic solution would definitely work for me --> no need for over-engineering if that would be necessary to get a fully automated solution. To be honest, I was searching the Helm values for such a flag, just did not find it.

from ztunnel.

howardjohn commented on July 18, 2024

Hmm, I thought I could reproduce this with sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 for testing/local/etc, but that does not seem to trigger the failure

from ztunnel.

aek-dsk commented on July 18, 2024

@howardjohn: Looks like you are trying to disable the IPv6 network interface only. I think that when using a kernel without IPv6 you don't even have the path "net.ipv6" at all. Please try to disable the kernel module completely, e.g. via the grub cmd option ipv6.disable=1

from ztunnel.

howardjohn commented on July 18, 2024

Yeah, the bummer is if it needs a kernel restart we cannot actually test it in our CI.

from ztunnel.

bleggett commented on July 18, 2024

We already have an enableV6 helm flag for istio-cni - we can pretty easily share that with ztunnel as well.

from ztunnel.

aek-dsk commented on July 18, 2024

@bleggett: Sounds good! Probably just the actual behavior of the flag would need some clarification... Enabling is fine, but disabling would need to avoid all IPv6 functionality/calls/dependencies completely.

from ztunnel.
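
The auto-fallback idea raised in this thread, as an added Rust example that is not ztunnel's code and not the change in #1163: try `[::]` first and drop to `0.0.0.0` only when the kernel reports that the IPv6 address family is unsupported, so unrelated bind failures are not masked. It assumes a kernel without IPv6 rejects the bind with `EAFNOSUPPORT` (errno 97 on Linux); `bind_unspecified` and `is_no_ipv6` are hypothetical names, and the bind call is injected so the fallback path can be exercised without rebooting into an IPv6-less kernel.

```rust
use std::io;
use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, TcpListener};

// Assumption: Linux errno for "Address family not supported by protocol",
// which is what an AF_INET6 socket call yields when the kernel has no IPv6.
const EAFNOSUPPORT: i32 = 97;

/// True only when the failure means "this kernel cannot do IPv6 at all".
fn is_no_ipv6(err: &io::Error) -> bool {
    err.raw_os_error() == Some(EAFNOSUPPORT)
}

/// Try [::]:port first; fall back to 0.0.0.0:port only on EAFNOSUPPORT.
/// Any other error (address in use, permission denied, ...) is returned
/// unchanged so the fallback cannot hide a real misconfiguration.
fn bind_unspecified<L>(
    port: u16,
    mut bind: impl FnMut(SocketAddr) -> io::Result<L>,
) -> io::Result<(L, SocketAddr)> {
    let v6 = SocketAddr::from((Ipv6Addr::UNSPECIFIED, port));
    match bind(v6) {
        Ok(listener) => Ok((listener, v6)),
        Err(e) if is_no_ipv6(&e) => {
            let v4 = SocketAddr::from((Ipv4Addr::UNSPECIFIED, port));
            bind(v4).map(|listener| (listener, v4))
        }
        Err(e) => Err(e),
    }
}

fn main() -> io::Result<()> {
    // Port 0 asks the OS for any free port; a real proxy would pass its own.
    let (listener, requested) = bind_unspecified(0, |a| TcpListener::bind(a))?;
    println!("requested {requested}, listening on {}", listener.local_addr()?);
    Ok(())
}
```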
