kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add nat_outgoing_ipv6 to calico defaults and docs (#10866)

pull/10900/head
anders-elastisys 2024-02-06 08:14:22 +01:00 committed by GitHub
parent de4d6a69ee
commit c698790122
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/calico.md
View File

@ -222,6 +222,14 @@ calico_node_livenessprobe_timeout: 10
calico_node_readinessprobe_timeout: 10 calico_node_readinessprobe_timeout: 10
``` ```
### Optional : Enable NAT with IPv6
To allow outgoing IPv6 traffic going from pods to the Internet, enable the following:
```yml
nat_outgoing_ipv6: true # NAT outgoing ipv6 (default value: false).
```
## Config encapsulation for cross server traffic ## Config encapsulation for cross server traffic
Calico supports two types of encapsulation: [VXLAN and IP in IP](https://docs.projectcalico.org/v3.11/networking/vxlan-ipip). VXLAN is the more mature implementation and enabled by default, please check your environment if you need *IP in IP* encapsulation. Calico supports two types of encapsulation: [VXLAN and IP in IP](https://docs.projectcalico.org/v3.11/networking/vxlan-ipip). VXLAN is the more mature implementation and enabled by default, please check your environment if you need *IP in IP* encapsulation.
@ -235,7 +243,7 @@ If you are running your cluster with the default calico settings and are upgradi
* perform a manual migration to vxlan before upgrading kubespray (see migrating from IP in IP to VXLAN below) * perform a manual migration to vxlan before upgrading kubespray (see migrating from IP in IP to VXLAN below)
* pin the pre-2.19 settings in your ansible inventory (see IP in IP mode settings below) * pin the pre-2.19 settings in your ansible inventory (see IP in IP mode settings below)
**Note:**: Vxlan in ipv6 only supported when kernel >= 3.12. So if your kernel version < 3.12, Please don't set `calico_vxlan_mode_ipv6: vxlanAlways`. More details see [#Issue 6877](https://github.com/projectcalico/calico/issues/6877). **Note:**: Vxlan in ipv6 only supported when kernel >= 3.12. So if your kernel version < 3.12, Please don't set `calico_vxlan_mode_ipv6: Always`. More details see [#Issue 6877](https://github.com/projectcalico/calico/issues/6877).
### IP in IP mode ### IP in IP mode

1
inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
View File

@ -11,6 +11,7 @@ calico_cni_name: k8s-pod-network
# Enables Internet connectivity from containers # Enables Internet connectivity from containers
# nat_outgoing: true # nat_outgoing: true
# nat_outgoing_ipv6: false
# Enables Calico CNI "host-local" IPAM plugin # Enables Calico CNI "host-local" IPAM plugin
# calico_ipam_host_local: true # calico_ipam_host_local: true

1
roles/network_plugin/calico_defaults/defaults/main.yml
View File

@ -4,6 +4,7 @@ calico_cni_name: k8s-pod-network
# Enables Internet connectivity from containers # Enables Internet connectivity from containers
nat_outgoing: true nat_outgoing: true
nat_outgoing_ipv6: false
# add default ippool name # add default ippool name
calico_pool_name: "default-pool" calico_pool_name: "default-pool"