Support IPv6

kakao · Sep 14, 2020 · 9964b51 · 9964b51
1 parent 9ec6120
commit 9964b51
Show file tree

Hide file tree

Showing 9 changed files with 614 additions and 91 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -16,7 +16,7 @@ RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o ipvs-node-controller main.go
 
 # Build image
 FROM alpine:3.11.6
-RUN apk add iptables=1.8.3-r2
+RUN apk add iptables=1.8.3-r2 ip6tables=1.8.3-r2
 
 WORKDIR /
 COPY --from=builder /workspace/ipvs-node-controller .

diff --git a/README.md b/README.md
@@ -15,6 +15,22 @@ Deploy ipvs-node-controllers through below command.
 kubectl apply -f https://raw.githubusercontent.com/kakao/ipvs-node-controller/master/deploy/ipvs-node-controller.yml
 ```
 
+## Configuration
+
+### IPv6
+
+ipvs-node-controller also supports IPv6. However, IPv6 is not enabled by default. To use IPv6, set "NET_STACK" environment in the DaemonSet manifests of ipvs-node-controller as follows.
+
+```
+...
+env:
+- name: NET_STACK
+  value: ipv4,ipv6
+- name: NODE_NAME
+  valueFrom:
+...
+```
+
 ## How it works?
 
 ipvs-node-controller works on all worker nodes and adds the DNAT rules that converts destination IP of a packet from External-IP to Cluster-IP to iptables. ipvs-node-controller adds two DNAT rules for each LoadBalancer type service. One is added to the prerouting chain and the other is added to the output chain. The DNAT rule in the prerouting chain is for the pod that uses pod-only network namespace. On the other hand, The DNAT rule in the output chain is for the pod that uses host network namespace. All DNAT rules only target packets from pods on the host. Below is an example.