Our Experiences deploying
Kubernetes with IPv6
André Martins (@aanm__)
Software Engineer
Covalent IO
What to expect from this talk?
• Quick history of IPv6
• IPv6 in kubernetes
– Can I run it?
• Step by step tutorial + Demo
IPv6 history
• November 1991: IPv4 is not enough? IETF - ROAD
• December 1995: IPng was born - RFC 1883
• ~1996: IPv6 in Linux 2.1.8 (Alpha)
• December 1998: IPv6 was (re)born - RFC 2460
• ~2005: IPv6 in Linux 2.6.12 (Stable)
• >2008: No more IPv4 available! Let’s do NAT over NAT over NAT!
• 2014: Containers! Let’s do IPv4, what could go wrong?
• July 2017: IPv6 - Standard 86! - RFC 8200
• December 2018: 20 Years of IPv6. The year of IPv6?
A Kubernetes cluster on IPv6
● Is it really worth it?
● Infrastructure?
● Kubernetes itself
○ Does it run?
○ Pods, Services and Ingress?
● Does my app / service work?
Kubernetes cluster Is it really worth it? Infrastructure
Your house is not a datacenter*
*unless it’s a start up
Pets vs Cattle (again…)
Your house has pets
● Frog - 192.168.0.1/24
● Turtle - 192.168.0.2/24
● Scared Rabbit - 192.168.0.3/24
● Happy Dog - 192.168.0.4/24
● Apathetic Cat - 192.168.0.5/24
● Serious hamster - 192.168.0.6/24
● Hypnotoad - 192.168.0.7/24
Your datacenter has cattle
● Cows - 10.0.0.0/8
○ Black cows - 10.1.0.0/16
○ Brown cows - 10.2.0.0/16
○ White cows - 10.3.0.0/16
● Sheep - 172.16.0.0/12
○ Excited Sheep - 172.16.0.0/16
○ Sleepy Sheep - 172.17.0.0/16
Your datacenter has lots of more and more containers
● Containers - 10.0.0.0/8
○ Yellow - 10.1.0.0/16
○ Orange - 10.2.0.0/16
○ Red - 10.3.0.0/16
○ Bordeaux - 10.4.0.0/16
○ Yellow 2 - 10.5.0.0/16
○ Orange 2 - 10.6.0.0/16
○ Blue 16 - 10.20.0.0/16
ErrNoIPv4
Please help
No more IPv4s?! Let’s do NAT!
NAT
ISP
Is it really worth it? Infrastructure Kubernetes - Does it run?
Let’s assemble our cluster
Cloud
1. Does my OS support IPv6?...
2. Do my servers support IPv6?...
3. Can and will my users use IPv6?
2. Do cloud providers support IPv6?
○ AWS
○ GCE
On premises
1 in 5!
Let’s go deep dive!
Kubernetes cheat sheet
● master
○ controller-manager
○ kube-apiserver
○ kube-scheduler
● worker (x3)
○ kubelet
○ kube-proxy
○ (cni plugin)
1 - etcd
- 53 CLI options (etcd not etcdctl)
- 5 relevant for IPv6
  - --advertise-client-urls 'http://localhost:2379'
  - --initial-advertise-peer-urls 'http://localhost:2380'
  - --initial-cluster 'default=http://localhost:2380'
  - --listen-client-urls 'http://localhost:2379'
  - --listen-peer-urls 'http://localhost:2380'
- Solution:
  - "http://localhost:2380" -> "http://[::1]:2380"
  - Is that simple? (Yes)
  - What about https? (L4 != L3)
  - I meant the certificates! (Yes they are IPv6 aware)
2 - kube-scheduler
- 32 CLI options
- ~3 relevant for IPv6
  - --address '0.0.0.0'
  - --master 'http://127.0.0.1:8080'
  - (--kubeconfig)
- Solution:
  - "http://127.0.0.1:8080" -> "http://[::1]:8080"
- "Simple" component
3 - kube-apiserver
- 120 CLI options!
- ~5 relevant for IPv6
  - --advertise-address ip
  - --bind-address '0.0.0.0'
  - --etcd-servers 'stringSlice'
  - --insecure-bind-address '0.0.0.0'
  - --service-cluster-ip-range ipNet
- Solution:
  - "http://localhost:8080" -> "http://[::1]:8080"
  - --service-cluster-ip-range fd03::/112
    fd03:0000:0000:0000:0000:0000:0000:0000/112
    frontend -> fd03::acde
    backend -> fd03::f00d
    kube-dns -> fd03::a (assigned by us)
Do not try this at home with kubernetes < 1.8.0
https://github.com/kubernetes/kubernetes/pull/43586
4 - controller-manager
physical cluster (VM network subnet) - fd00::/16
  master - fd00::b/16: controller-manager, kube-apiserver, kube-scheduler
  worker 1 - fd00::c/16: kubelet, kube-proxy, (cni plugin)
  worker 2 - fd00::d/16: kubelet, kube-proxy, (cni plugin)
services - fd03::/112
pods (containers) - fd02::/80
  fd02::/96, fd02:0:0:0:0:1::/96
- 87 CLI options
- ~5 relevant for IPv6
  - --address '(0.0.0.0)'
  - --allocate-node-cidrs 'true' (default: false)
  - --cluster-cidr 'fd02::/80'
  - --node-cidr-mask-size '96'
  - --service-cluster-ip-range 'fd03::/112'
Cluster CIDR
fd02:0:0:0:0:0:0:0/80
Pod CIDR - 1st node
fd02:0:0:0:0:0:0:0/96
Pod CIDR - 2nd node
fd02:0:0:0:0:1:0:0/96
...
Pod CIDR - 65536th node
fd02:0:0:0:0:ffff:0:0/96
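The addressing plan from the kube-apiserver and controller-manager slides (--service-cluster-ip-range, --cluster-cidr, --node-cidr-mask-size), worked through as an added example; it is not code from the talk or from Kubernetes. The helper names (PLAN, node_cidr, node_index_of, check_plan) and the overlapping BAD_PLAN are constructed for illustration, and subnets are numbered by their position inside the cluster CIDR.

```python
import ipaddress

# Ranges and flag values as shown on the slides.
PLAN = {
    "nodes": ipaddress.ip_network("fd00::/16"),      # physical cluster / VM network
    "pods": ipaddress.ip_network("fd02::/80"),       # --cluster-cidr
    "services": ipaddress.ip_network("fd03::/112"),  # --service-cluster-ip-range
}
NODE_MASK_SIZE = 96                                  # --node-cidr-mask-size
CLUSTER_DNS = ipaddress.ip_address("fd03::a")        # kubelet --cluster-dns

# Constructed counter-example: the service range sits inside the pod range.
BAD_PLAN = dict(PLAN, services=ipaddress.ip_network("fd02::ffff:0/112"))


def node_cidr_count(cluster, mask_size):
    """How many per-node pod subnets of /mask_size fit in the cluster CIDR."""
    if not cluster.prefixlen <= mask_size <= cluster.max_prefixlen:
        raise ValueError(
            f"node mask /{mask_size} does not fit inside cluster CIDR {cluster}")
    return 1 << (mask_size - cluster.prefixlen)


def node_cidr(cluster, mask_size, index):
    """The index-th (0-based) /mask_size subnet of the cluster CIDR."""
    if not 0 <= index < node_cidr_count(cluster, mask_size):
        raise IndexError(f"{cluster} has no /{mask_size} subnet number {index}")
    step = 1 << (cluster.max_prefixlen - mask_size)  # addresses per node subnet
    base = int(cluster.network_address) + index * step
    return type(cluster)((base, mask_size))


def node_index_of(cluster, mask_size, pod_ip):
    """Map a pod address (e.g. from a flow log) back to its node subnet number."""
    addr = ipaddress.ip_address(pod_ip)
    if addr.version != cluster.version or addr not in cluster:
        return None
    offset = int(addr) - int(cluster.network_address)
    return offset >> (cluster.max_prefixlen - mask_size)


def overlapping_ranges(plan):
    """Pairs of named ranges that share addresses; routing would be ambiguous."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]


def check_plan(plan, mask_size, cluster_dns):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = [f"{a} overlaps {b}" for a, b in overlapping_ranges(plan)]
    if cluster_dns not in plan["services"]:
        problems.append(
            f"cluster DNS {cluster_dns} is outside the service range {plan['services']}")
    try:
        node_cidr_count(plan["pods"], mask_size)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


if __name__ == "__main__":
    pods = PLAN["pods"]
    print("node subnets available:", node_cidr_count(pods, NODE_MASK_SIZE))
    for i in (0, 1, 65535):
        print(f"node subnet {i}:", node_cidr(pods, NODE_MASK_SIZE, i).exploded)
    print("fd02::1:0:5 belongs to subnet",
          node_index_of(pods, NODE_MASK_SIZE, "fd02::1:0:5"))
    print("plan from the slides:", check_plan(PLAN, NODE_MASK_SIZE, CLUSTER_DNS) or "ok")
    print("constructed bad plan:", check_plan(BAD_PLAN, NODE_MASK_SIZE, CLUSTER_DNS))
```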
5 - docker
- a container runtime
- network plumbing made by:
  - libnetwork (IPv6 only with IPv4)
  - CNI
blog.kubernetes.io/2016/01/why-Kubernetes-doesnt-use-libnetwork.html
6 - cni plugin
- choose your own flavour
  - cilium (IPv6 as a first-class citizen)
- Pod addressing
  - --allocate-node-cidrs=true
  - --cluster-cidr fd02::/80
  - --node-cidr-mask-size '96'
- Service routing
7 - kube-proxy
- No relevant options regarding IPv6
- Some CNI plugins rely on kube-proxy (not cilium)
8 - kubelet
- 160 CLI options (winner!)
- ~3 relevant for IPv6
  - --address ('0.0.0.0')
  - --cluster-dns ('fd03::a')
  - --node-ip ('fd00::c')
- K8s PR #45551
Where’s kube-dns?
- DNS for the k8s cluster
- Serves all DNS requests
- Deployment k8s spec file
- Service k8s spec file
- 1 Change in Deployment file
  - probe for AAAA instead of A
    --probe=kubedns,[::1]:10053,kubernetes.default.svc.cluster.local,5,AAAA
    --probe=dnsmasq,[::1]:53,kubernetes.default.svc.cluster.local,5,AAAA
Where’s ingress?
- NGINX Ingress controller
- Exposes your pods to the outside
- Deployment k8s spec file
- Service k8s spec file
- No changes needed
Kubernetes cluster - demo!
worker 2, worker 1
kube-dns, guestbook
redis-master, redis-slave
Final thoughts
● Kubernetes has lots of CLI options!
● IPv6 is coming!
● Kubernetes is getting ready
○ TODO:
■ Dual stack! - GH #27398
■ Kubelet’s node IP option with IPv6 - PR #45551
■ Waive IPv6 prefix size limit for cluster CIDR - PR #52033
■ Kubeadm
● Unless you try it you’ll never find out.
Thank You!
Q & A
Coming next… @ 2:50 pm in Diamond Ballroom 6 (this room)
Cilium - Container Security and Networking Using BPF and XDP
By Thomas Graf, Covalent
André Martins
DM on twitter: @aanm__
We are on Booth 501
https://www.cilium.io
Tomaz Bratanic
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 

Recently uploaded (20)

GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 

Our experiences deploying kubernetes with IPv6

  • 1.
  • 2. Our Experiences deploying Kubernetes with IPv6 André Martins (@aanm__) Software Engineer Covalent IO
  • 3. What to expect from this talk? • Quick history of IPv6 • IPv6 in kubernetes – Can I run it? • Step by step tutorial + Demo
  • 4. IPv6 history IPv4 is not enough? IETF - ROAD November 1991 IPv6 in Linux 2.6.12 (Stable) ~2005 No more IPv4 available! Let’s do NAT over NAT over NAT! >2008 Containers! Let’s do IPv4, what could go wrong? 2014 20 Years of IPv6 The year of IPv6? December 2018 IPv6 in Linux 2.1.8 (Alpha) ~1996 IPv6 was (re)born RFC 2460 December 1998 IPng was born RFC 1883 December 1995 IPv6 - Standard 86! RFC 8200 July 2017
  • 5. A Kubernetes cluster on IPv6 ● Is it really worth it? ● Infrastructure? ● Kubernetes itself ○ Does it run? ○ Pods, Services and Ingress? ● Does my app / service work?
  • 6. Kubernetes cluster Is it really worth it? Infrastructure
  • 7. Kubernetes cluster Is it really worth it? Infrastructure
  • 8. Kubernetes cluster Is it really worth it? Infrastructure
  • 9. Kubernetes cluster Is it really worth it? Infrastructure
  • 10. Kubernetes cluster Is it really worth it? Infrastructure Your house is not a datacenter* *unless it’s a start up
  • 11. Kubernetes cluster Is it really worth it? Infrastructure Your house is not a datacenter* *unless it’s a start up
  • 12. Kubernetes cluster Is it really worth it? Infrastructure Your house is not a datacenter* *unless it’s a start up
  • 13. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24
  • 14. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24 Your datacenter has cattle ● Cows - 10.0.0.0/8 ○ Black cows - 10.1.0.0/16 ○ Brown cows - 10.2.0.0/16 ○ White cows - 10.3.0.0/16 ● Sheep - 172.16.0.0/12 ○ Excited Sheep - 172.16.0.0/16 ○ Sleepy Sheep - 172.17.0.0/16
  • 15. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24 Your datacenter has cattle containers ● Containers - 10.0.0.0/8 ○ Yellow - 10.1.0.0/16 ○ Orange - 10.2.0.0/16 ○ Red - 10.3.0.0/16 ○ Bordeaux - 10.4.0.0/16
  • 16. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24 Your datacenter has cattle lots of containers ● Containers - 10.0.0.0/8 ○ Yellow - 10.1.0.0/16 ○ Orange - 10.2.0.0/16 ○ Red - 10.3.0.0/16 ○ Bordeaux - 10.4.0.0/16 ○ Yellow 2 - 10.5.0.0/16
  • 17. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24 Your datacenter has cattle lots of more containers ● Containers - 10.0.0.0/8 ○ Yellow - 10.1.0.0/16 ○ Orange - 10.2.0.0/16 ○ Red - 10.3.0.0/16 ○ Bordeaux - 10.4.0.0/16 ○ Yellow 2 - 10.5.0.0/16 ○ Orange 2 - 10.6.0.0/16 ○ Blue 16 - 10.20.0.0/16
  • 18. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24 Your datacenter has cattle lots of more and more containers ● Containers - 10.0.0.0/8 ○ Yellow - 10.1.0.0/16 ○ Orange - 10.2.0.0/16 ○ Red - 10.3.0.0/16 ○ Bordeaux - 10.4.0.0/16 ○ Yellow 2 - 10.5.0.0/16 ○ Orange 2 - 10.6.0.0/16 ○ Blue 16 - 10.20.0.0/16 ErrNoIPv4 Please help
  • 19. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24 Your datacenter has cattle lots of more and more containers ● Containers - 10.0.0.0/8 ○ Yellow - 10.1.0.0/16 ○ Orange - 10.2.0.0/16 ○ Red - 10.3.0.0/16 ○ Bordeaux - 10.4.0.0/16 ○ Yellow 2 - 10.5.0.0/16 ○ Orange 2 - 10.6.0.0/16 ○ Blue 16 - 10.20.0.0/16 ErrNoIPv4 Please help No more IPv4s?! Let’s do NAT!
  • 20. Kubernetes cluster Is it really worth it? Infrastructure Pets vs Cattle (again…) Your house has pets ● Frog - 192.168.0.1/24 ● Turtle - 192.168.0.2/24 ● Scared Rabbit - 192.168.0.3/24 ● Happy Dog - 192.168.0.4/24 ● Apathetic Cat - 192.168.0.5/24 ● Serious hamster - 192.168.0.6/24 ● Hypnotoad - 192.168.0.7/24 Your datacenter has cattle lots of more and more containers ● Containers - 10.0.0.0/8 ○ Yellow - 10.1.0.0/16 ○ Orange - 10.2.0.0/16 ○ Red - 10.3.0.0/16 ○ Bordeaux - 10.4.0.0/16 ○ Yellow 2 - 10.5.0.0/16 ○ Orange 2 - 10.6.0.0/16 ○ Blue 16 - 10.20.0.0/16 ErrNoIPv4 Please help No more IPv4s?! Let’s do NAT! NAT ISP
  • 21. Is it really worth it? Infrastructure Kubernetes - Does it run? Let’s assemble our cluster Cloud 1. Does my OS support IPv6?... On premises
  • 22. Is it really worth it? Infrastructure Kubernetes - Does it run? Let’s assemble our cluster Cloud 1. Does my OS support IPv6?... 2. Do my servers support IPv6?... 2. Do cloud providers support IPv6? ○ AWS ○ GCE On premises
  • 23. Is it really worth it? Infrastructure Kubernetes - Does it run? Let’s assemble our cluster Cloud 1. Does my OS support IPv6?... 2. Do my servers support IPv6?... 3. Can and will my users use IPv6? 2. Do cloud providers support IPv6? ○ AWS ○ GCE On premises
  • 24. Is it really worth it? Infrastructure Kubernetes - Does it run? Let’s assemble our cluster Cloud 1. Does my OS support IPv6?... 2. Do my servers support IPv6?... 3. Can and will my users use IPv6? 2. Do cloud providers support IPv6? ○ AWS ○ GCE On premises
  • 25. Is it really worth it? Infrastructure Kubernetes - Does it run? Let’s assemble our cluster Cloud 1. Does my OS support IPv6?... 2. Do my servers support IPv6?... 3. Can and will my users use IPv6? 2. Do cloud providers support IPv6? ○ AWS ○ GCE On premises 1 in 5!
  • 26. Is it really worth it? Infrastructure Kubernetes - Does it run? Let’s assemble our cluster Cloud 1. Does my OS support IPv6?... 2. Do my servers support IPv6?... 3. Can and will my users use IPv6? 2. Do cloud providers support IPv6? ○ AWS ○ GCE On premises 1 in 5!
  • 27. Is it really worth it? Infrastructure Kubernetes - Does it run? Let’s go deep dive!
  • 28. Is it really worth it? Infrastructure Kubernetes - Does it run? Kubernetes cheat sheet master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin)
  • 29. Is it really worth it? Infrastructure Kubernetes - Does it run? 1 - etcd master worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 53 CLI options (etcd not etcdctl)
  • 30. Is it really worth it? Infrastructure Kubernetes - Does it run? 1 - etcd master worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 53 CLI options (etcd not etcdctl) - 5 relevant for IPv6 - --advertise-client-urls 'http://localhost:2379' - --initial-advertise-peer-urls 'http://localhost:2380' - --initial-cluster 'default=http://localhost:2380' - --listen-client-urls 'http://localhost:2379' - --listen-peer-urls 'http://localhost:2380'
  • 31. Is it really worth it? Infrastructure Kubernetes - Does it run? 1 - etcd master worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 53 CLI options (etcd not etcdctl) - 5 relevant for IPv6 - --advertise-client-urls 'http://localhost:2379' - --initial-advertise-peer-urls 'http://localhost:2380' - --initial-cluster 'default=http://localhost:2380' - --listen-client-urls 'http://localhost:2379' - --listen-peer-urls 'http://localhost:2380' - Solution: - “http://localhost:2380” -> “http://[::1]:2380”
  • 32. Is it really worth it? Infrastructure Kubernetes - Does it run? 1 - etcd master worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 53 CLI options (etcd not etcdctl) - 5 relevant for IPv6 - --advertise-client-urls 'http://localhost:2379' - --initial-advertise-peer-urls 'http://localhost:2380' - --initial-cluster 'default=http://localhost:2380' - --listen-client-urls 'http://localhost:2379' - --listen-peer-urls 'http://localhost:2380' - Solution: - “http://localhost:2380” -> “http://[::1]:2380” - Is that simple? (Yes)
  • 33. Is it really worth it? Infrastructure Kubernetes - Does it run? 1 - etcd master worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 53 CLI options (etcd not etcdctl) - 5 relevant for IPv6 - --advertise-client-urls 'http://localhost:2379' - --initial-advertise-peer-urls 'http://localhost:2380' - --initial-cluster 'default=http://localhost:2380' - --listen-client-urls 'http://localhost:2379' - --listen-peer-urls 'http://localhost:2380' - Solution: - “http://localhost:2380” -> “http://[::1]:2380” - Is that simple? (Yes) - What about https? (L4 != L3)
  • 34. Is it really worth it? Infrastructure Kubernetes - Does it run? 1 - etcd master worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 53 CLI options (etcd not etcdctl) - 5 relevant for IPv6 - --advertise-client-urls 'http://localhost:2379' - --initial-advertise-peer-urls 'http://localhost:2380' - --initial-cluster 'default=http://localhost:2380' - --listen-client-urls 'http://localhost:2379' - --listen-peer-urls 'http://localhost:2380' - Solution: - “http://localhost:2380” -> “http://[::1]:2380” - Is that simple? (Yes) - What about https? (L4 != L3) - I meant the certificates! (Yes they are IPv6 aware)
  • 35. Is it really worth it? Infrastructure Kubernetes - Does it run? 2 - kube-scheduler master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 32 CLI options
  • 36. Is it really worth it? Infrastructure Kubernetes - Does it run? 2 - kube-scheduler master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 32 CLI options - ~3 relevant for IPv6 - --address '0.0.0.0' - --master 'http://127.0.0.1:8080' - (--kubeconfig)
  • 37. Is it really worth it? Infrastructure Kubernetes - Does it run? 2 - kube-scheduler master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 32 CLI options - ~3 relevant for IPv6 - --address '0.0.0.0' - --master 'http://127.0.0.1:8080' - (--kubeconfig) - Solution: - “http://127.0.0.1:8080” -> “http://[::1]:8080”
  • 38. Is it really worth it? Infrastructure Kubernetes - Does it run? 2 - kube-scheduler master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 32 CLI options - ~3 relevant for IPv6 - --address '0.0.0.0' - --master 'http://127.0.0.1:8080' - (--kubeconfig) - Solution: - “http://127.0.0.1:8080” -> “http://[::1]:8080” - “Simple” component
  • 39. Is it really worth it? Infrastructure Kubernetes - Does it run? 3 - kube-apiserver master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 120 CLI options!
  • 40. Is it really worth it? Infrastructure Kubernetes - Does it run? 3 - kube-apiserver master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 120 CLI options! - ~5 relevant for IPv6 - --advertise-address ip - --bind-address ‘0.0.0.0’ - --etcd-servers ‘stringSlice’ - --insecure-bind-address ‘0.0.0.0’ - --service-cluster-ip-range ipNet
  • 41. Is it really worth it? Infrastructure Kubernetes - Does it run? 3 - kube-apiserver master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 120 CLI options! - ~5 relevant for IPv6 - --advertise-address ip - --bind-address ‘0.0.0.0’ - --etcd-servers ‘stringSlice’ - --insecure-bind-address ‘0.0.0.0’ - --service-cluster-ip-range ipNet - Solution: - “http://localhost:8080” -> “http://[::1]:8080” - --service-cluster-ip-range fd03::/112 fd03:0000:0000:0000:0000:0000:0000:0000/112
  • 42. Is it really worth it? Infrastructure Kubernetes - Does it run? 3 - kube-apiserver master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 120 CLI options! - ~5 relevant for IPv6 - --advertise-address ip - --bind-address ‘0.0.0.0’ - --etcd-servers ‘stringSlice’ - --insecure-bind-address ‘0.0.0.0’ - --service-cluster-ip-range ipNet - Solution: - “http://localhost:8080” -> “http://[::1]:8080” - --service-cluster-ip-range fd03::/112 fd03:0000:0000:0000:0000:0000:0000:0000/112 frontend -> fd03::acde backend -> fd03::f00d kube-dns -> fd03::a (assigned by us)
  • 43. Is it really worth it? Infrastructure Kubernetes - Does it run? 3 - kube-apiserver master controller-manager kube-apiserver kube-scheduler worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) worker kubelet kube-proxy (cni plugin) - 120 CLI options! - ~5 relevant for IPv6 - --advertise-address ip - --bind-address ‘0.0.0.0’ - --etcd-servers ‘stringSlice’ - --insecure-bind-address ‘0.0.0.0’ - --service-cluster-ip-range ipNet - Solution: - “http://localhost:8080” -> “http://[::1]:8080” - --service-cluster-ip-range fd03::/112 fd03:0000:0000:0000:0000:0000:0000:0000/112 Do not try this at home with kubernetes < 1.8.0 https://github.com/kubernetes/kubernetes/pull/43586
  • 44. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager master worker 2 kubelet kube-proxy (cni plugin) controller-manager kube-apiserver kube-scheduler worker 1 kubelet kube-proxy (cni plugin) - 87 CLI options
  • 45. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager VM network subnet - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’
  • 46. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’
  • 47. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 pods (containers) - fd02::/80 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’
  • 48. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 pods (containers) - fd02::/80 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’ Cluster CIDR fd02:0:0:0:0:0:0:0/80
  • 49. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 pods (containers) - fd02::/80 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’ Cluster CIDR fd02:0:0:0:0:0:0:0/80 Pod CIDR - 1st node fd02:0:0:0:0:0:0:0/96
  • 50. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 pods (containers) - fd02::/80 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’ Cluster CIDR fd02:0:0:0:0:0:0:0/80 Pod CIDR - 1st node fd02:0:0:0:0:0:0:0/96 fd02::/96
  • 51. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 pods (containers) - fd02::/80 fd02::/96 fd02:0:0:0:0:1::/96 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’ Cluster CIDR fd02:0:0:0:0:0:0:0/80 Pod CIDR - 1st node fd02:0:0:0:0:0:0:0/96 Pod CIDR - 2nd node fd02:0:0:0:0:1:0:0/96
  • 52. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 pods (containers) - fd02::/80 fd02::/96 fd02:0:0:0:0:1::/96 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’ Cluster CIDR fd02:0:0:0:0:0:0:0/80 Pod CIDR - 1st node fd02:0:0:0:0:0:0:0/96 Pod CIDR - 2nd node fd02:0:0:0:0:1:0:0/96 ... Pod CIDR - 65536th node fd02:0:0:0:0:ffff:0:0/96
  • 53. Is it really worth it? Infrastructure Kubernetes - Does it run? 4 - controller-manager physical cluster - fd00::/16 master - fd00::b/16 controller-manager kube-apiserver kube-scheduler worker 2 - fd00::d/16 kubelet kube-proxy (cni plugin) worker 1 - fd00::c/16 kubelet kube-proxy (cni plugin) services- fd03::/112 pods (containers) - fd02::/80 fd02::/96 fd02:0:0:0:0:1::/96 - 87 CLI options - ~5 relevant for IPv6 - --address ‘(0.0.0.0)’ - --allocate-node-cidrs ‘true’ (default: false) - --cluster-cidr ‘fd02::/80’ - --node-cidr-mask-size ‘96’ - --service-cluster-ip-range ‘fd03::/112’ Cluster CIDR fd02:0:0:0:0:0:0:0/80 Pod CIDR - 1st node fd02:0:0:0:0:0:0:0/96 Pod CIDR - 2nd node fd02:0:0:0:0:1:0:0/96 ... Pod CIDR - 65536th node fd02:0:0:0:0:ffff:0:0/96
  • 54. Kubernetes - Does it run? 5 - docker: a container runtime; network plumbing made by: libnetwork (IPv6 only with IPv4) or CNI. blog.kubernetes.io/2016/01/why-Kubernetes-doesnt-use-libnetwork.html
  • 55. Kubernetes - Does it run? 6 - cni plugin: choose your own flavour - cilium (IPv6 as a first-class citizen). Pod addressing: --allocate-node-cidrs=true; --cluster-cidr fd02::/80; --node-cidr-mask-size ‘96’. Service routing.
  • 56. Kubernetes - Does it run? 7 - kube-proxy: No relevant options regarding IPv6. Some CNI plugins rely on kube-proxy (not cilium).
  • 57. Kubernetes - Does it run? 8 - kubelet: 160 CLI options (winner!), ~3 relevant for IPv6: --address (‘0.0.0.0’); --cluster-dns (‘fd03::a’); --node-ip (‘fd00::c’) - K8s PR #45551.
  • 58. Kubernetes - Does it run? Kubernetes cluster (diagram: master with controller-manager, kube-apiserver, kube-scheduler; worker 1 and worker 2, each with kubelet, kube-proxy, cni plugin)
  • 59. Kubernetes - Does it run? Where’s kube-dns? DNS for the k8s cluster. Serves all DNS requests.
  • 60. Kubernetes - Does it run? Where’s kube-dns? DNS for the k8s cluster. Serves all DNS requests. Deployment k8s spec file. Service k8s spec file. 1 change in Deployment file - probe for AAAA instead of A: --probe=kubedns,[::1]:10053,kubernetes.default.svc.cluster.local,5,AAAA --probe=dnsmasq,[::1]:53,kubernetes.default.svc.cluster.local,5,AAAA
  • 61. Kubernetes - Does it run? Where’s kube-dns? (cluster diagram with kube-dns)
  • 62. Kubernetes - Does it run? Where’s ingress? NGINX Ingress controller: exposes your pods to the outside. Deployment k8s spec file. Service k8s spec file. No changes needed.
  • 63. Kubernetes - Does it run? Where’s ingress? (cluster diagram with kube-dns)
  • 64. Demo: Kubernetes cluster - demo! (diagram: worker 1, worker 2, kube-dns, guestbook, redis-master, redis-slave)
  • 73. Final thoughts ● Kubernetes has lots of CLI options!
  • 74. Final thoughts ● Kubernetes has lots of CLI options! ● IPv6 is coming!
  • 75. Final thoughts ● Kubernetes has lots of CLI options! ● IPv6 is coming! ● Kubernetes is getting ready ○ TODO: ■ Dual stack! - GH #27398 ■ Kubelet’s node IP option with IPv6 - PR #45551 ■ Waive IPv6 prefix size limit for cluster CIDR - PR #52033 ■ Kubeadm
  • 76. Final thoughts ● Kubernetes has lots of CLI options! ● IPv6 is coming! ● Kubernetes is getting ready ○ TODO: ■ Dual stack! - GH #27398 ■ Kubelet’s node IP option with IPv6 - PR #45551 ■ Waive IPv6 prefix size limit for cluster CIDR - PR #52033 ■ Kubeadm ● Unless you try it you’ll never find out.
  • 77. Questions? Thank You! Q & A. Coming next… @ 2:50 pm in Diamond Ballroom 6 (this room): Cilium - Container Security and Networking Using BPF and XDP, by Thomas Graf, Covalent. André Martins - DM on twitter: @aanm__. We are on Booth 501. https://www.cilium.io
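
Added example (not from the talk's slides or from Kubernetes itself): a Python check that reproduces the per-node pod CIDR arithmetic of slides 51 to 53 and verifies that the node, pod and service ranges quoted in the talk do not overlap and that the kubelet's --cluster-dns and node addresses fall inside the ranges they belong to. The function names and the plan dictionary are assumptions made for illustration; the addresses are the ones on the slides.

```python
import ipaddress
from itertools import combinations

# Values taken from the talk's slides (controller-manager and kubelet flags).
TALK_PLAN = {
    "node_network": "fd00::/16",    # physical cluster
    "cluster_cidr": "fd02::/80",    # --cluster-cidr
    "node_mask": 96,                # --node-cidr-mask-size
    "service_range": "fd03::/112",  # --service-cluster-ip-range
    "cluster_dns": "fd03::a",       # kubelet --cluster-dns
    "node_ips": ["fd00::b", "fd00::c", "fd00::d"],
}

def node_count(cluster_cidr, node_mask):
    """Number of per-node pod CIDRs the cluster CIDR can be split into."""
    cluster = ipaddress.IPv6Network(cluster_cidr)
    if not cluster.prefixlen <= node_mask <= 128:
        raise ValueError("node mask must lie between the cluster prefix and /128")
    return 1 << (node_mask - cluster.prefixlen)

def node_pod_cidr(cluster_cidr, node_mask, index):
    """Pod CIDR of the index-th node (0-based), computed arithmetically."""
    if not 0 <= index < node_count(cluster_cidr, node_mask):
        raise IndexError("node index outside the cluster CIDR")
    base = int(ipaddress.IPv6Network(cluster_cidr).network_address)
    step = 1 << (128 - node_mask)  # addresses per node subnet
    return ipaddress.IPv6Network((base + index * step, node_mask))

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    node_count(plan["cluster_cidr"], plan["node_mask"])  # raises on a bad mask
    nets = {k: ipaddress.IPv6Network(plan[k])
            for k in ("node_network", "cluster_cidr", "service_range")}
    problems = ["%s overlaps %s" % (a, b)
                for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]
    if ipaddress.IPv6Address(plan["cluster_dns"]) not in nets["service_range"]:
        problems.append("cluster_dns is outside service_range")
    for ip in plan["node_ips"]:
        if ipaddress.IPv6Address(ip) not in nets["node_network"]:
            problems.append("node IP %s is outside node_network" % ip)
    return problems

if __name__ == "__main__":
    for i in (0, 1, 65535):
        print("node", i + 1, node_pod_cidr("fd02::/80", 96, i))
    print(check_plan(TALK_PLAN) or "plan is consistent")
```
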