What would you like to be added:
Support for defining the target IP address of a certain address family while using the discovered IP address of the other family.
Why is this needed:
My dual-stack kubernetes cluster (and I suspect many others) is located behind an IPv4 NAT, but has native IPv6 access. This means that services of type LoadBalancer are assigned ExternalIPs (by cilium lb-ipam in my case) in both the IPv4 RFC1918 range and a GUA address pool dedicated to my cluster.
External IPv4 connections are NATed on a router in front of the kubernetes cluster and kubernetes has no idea what the outside address of this NAT is, but I can manually specify it via the external-dns.alpha.kubernetes.io/target annotation. The problem is that if I do this, the discovered IPv6 record will not be published because I just overrode it with only an IPv4 address.
This leaves me in 3 situations, none of them being optimal IMO:
1. I don't use any annotation, resulting in external-dns publishing my service's RFC1918 address in the A record and the IPv6 GUA address in the AAAA record. Result: IPv6 connectivity theoretically works fine but IPv4 connectivity will resolve to an address people outside the LAN can't reach.
2. I use the external-dns.alpha.kubernetes.io/target annotation set to an IPv4 address to publish an A record with the external IP of my NAT. Result: IPv4 connectivity works fine but no AAAA record will be published so IPv6 is broken.
3. I use the external-dns.alpha.kubernetes.io/target annotation to set both an IPv4 and an IPv6 address, comma-separated. Result: IPv4 and IPv6 connectivity work fine, but I have to manually define the ExternalIP on my services to avoid desyncs and I lose the niceties of having IP addresses dynamically allocated by my k8s loadbalancer.
It would be nice to either have extra annotations to support this use case or a cli flag that would allow you to keep discovering addresses of a different family if external-dns.alpha.kubernetes.io/target only contains addresses of a certain family.
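The per-family fallback requested above, sketched as an added example (not part of the original issue and not external-dns code). `mergeTargets` is a hypothetical helper, the addresses are constructed values from documentation and private ranges, and the annotation is assumed to hold only IP addresses.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// splitByFamily parses raw address strings and sorts them into IPv4 and IPv6.
// IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are treated as IPv4.
func splitByFamily(raw []string) (v4, v6 []string, err error) {
	for _, s := range raw {
		s = strings.TrimSpace(s)
		if s == "" {
			continue // empty annotation or trailing comma
		}
		addr, perr := netip.ParseAddr(s)
		if perr != nil {
			return nil, nil, fmt.Errorf("invalid target %q: %w", s, perr)
		}
		if addr = addr.Unmap(); addr.Is4() {
			v4 = append(v4, addr.String())
		} else {
			v6 = append(v6, addr.String())
		}
	}
	return v4, v6, nil
}

// mergeTargets (hypothetical) returns the A and AAAA targets for a Service.
// A family named in the target annotation overrides discovery for that family
// only; a family absent from the annotation keeps its discovered addresses.
func mergeTargets(annotation string, discovered []string) (a, aaaa []string, err error) {
	ann4, ann6, err := splitByFamily(strings.Split(annotation, ","))
	if err != nil {
		return nil, nil, err
	}
	if a, aaaa, err = splitByFamily(discovered); err != nil {
		return nil, nil, err
	}
	if len(ann4) > 0 {
		a = ann4
	}
	if len(ann6) > 0 {
		aaaa = ann6
	}
	return a, aaaa, nil
}

func main() {
	// Constructed sample: NAT outside address in the annotation, load balancer
	// status carrying an RFC1918 address and a GUA-style address.
	a, aaaa, err := mergeTargets("203.0.113.10", []string{"192.168.10.20", "2001:db8:42::20"})
	fmt.Println(a, aaaa, err)
}
```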