Kubeadm: Dual-Stack support for Kubeadm

thanks for logging the ticket @Arvinderpal
@aojea has been interested in implementing IPV6 support in kind, which uses kubeadm under the hood and adding testing signal for that.

@aojea please take a look and communicate with @Arvinderpal who wishes to add dual stack support in kubeadm.

/assign @aojea @Arvinderpal

@neolit123: GitHub didn't allow me to assign the following users: aojea.

Note that only kubernetes members and repo collaborators can be assigned and that issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

the IPV6 PRs merged in kind.
https://github.com/kubernetes-sigs/kind/pull/636
also for test signal:
https://github.com/kubernetes/test-infra/pull/13123
(should appear here https://k8s-testgrid.appspot.com/sig-testing-kind#kind%20(IPv6),%20master%20(dev))

been keeping an eye on the dual stack work for exactly this @neolit123 👀

/cc

@neolit123 I would like to add a doc for setting up dual-stack with kubeadm. I have a draft ready. Where would be a good place to add this?

hi @Arvinderpal we decided to do that for the beta release. is dual-stack going beta in 1.17?
if not possibly we should delay these docs until the beta.
if yes the location IMO should be in this doc in a new section, possibly under this one:
https://github.com/kubernetes/website/blob/master/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md#initializing-your-control-plane-node

also i'm on PTO this week and please direct any review requests to the rest of the group. :)

/cc

I'm concerned about a /24 default netblock allocation for IPv6. That's really large; it'd be more realistic to default to a /64 and let cluster operators override that if they know better.

@sftim

I'm concerned about a /24 default netblock allocation for IPv6. That's really large; it'd be more realistic to default to a /64 and let cluster operators override that if they know better.

@Arvinderpal should correct me, but i think such decisions are on the plate of SIG Network.

I totally agree that /24 is not appropriate for IPv6. It's more a carryover from IPv4.

@Arvinderpal should correct me, but i think such decisions are on the plate of SIG Network.
Yes, sig-network is the right place.

IIRC /24 is a legacy thing and we can't change it until this merge https://github.com/kubernetes/kubernetes/pull/79993

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

/remove-lifecycle stale

@Arvinderpal @aojea hi, are we going to see Beta graduation for this feature in core k8s for 1.19?

@Arvinderpal @aojea hi, are we going to see Beta graduation for this feature in core k8s for 1.19?

KEP is going to be updated soon , seems this is the intention https://github.com/kubernetes/kubernetes/pull/86895#issuecomment-606924359

thanks, @Arvinderpal would you be able to contribute any related changes to kubeadm for 1.19?

@neolit123 I have not been following the recent developments in dual-stack; however, if there are specific kubeadm changes needed, I can certainly make the time to help.

@Arvinderpal thanks. hopefully you will have the time if the feature moves forward as users will have the expectation that kubeadm supports the latest incarnation. otherwise we have to explain the discrepancy to them.

@aojea are you planning to get dual-stack support in kind?

@aojea are you planning to get dual-stack support in kind?

absolutely, I have also a PR working https://github.com/kubernetes-sigs/kind/pull/692, but we've decided to hold until the dual-stack feature is more stable. There are still lots of things to solve in the dual-stack area ...

help-wanted with resolving this item:

don't hardcode the ipv4 mask size to 24?

@sidharthsurana recently logged the same issue here:
https://github.com/kubernetes/kubeadm/issues/2327

I'll take it @neolit123

so,

e2e tests for service-cluster-ip-range

These are being tested implicitly with the presubmit and periodic jobs https://testgrid.k8s.io/sig-network-kind#sig-network-kind,%20dual,%20master

Add documentation on enabling dual-stack via kubadm

This seems the only part missing

Add apiserver-advertise-address support for dual-stack

Sig network started to discuss it recently ... that is not going to be resolved soon and is not clear how to move forward

/assign
so I don´t forget,
I will be the backup if nobody picks it

/assign

so I don´t forget,

I will be the backup if nobody picks it

May I pick it，😄 @aojea ？

I have done a similar thing before on dual-stack 1.18 which is a little different.

/unassign
/assign @pacoxu
Appreciate it,
Thanks

Action Items in 1.21：

• [x] https://github.com/kubernetes/kubernetes/pull/99294: feature gate alpha to beta cmd/kubeadm/app/features/features.go, it need wait for pkg/features/kube_features.go change.
• [x] https://github.com/kubernetes/website/pull/26675 Documentation: Add documentation on enabling dual-stack via kubadm.
• [ ] (will happen after 1.21) Add apiserver-advertise-address support for dual-stack

Is there anything that I miss?

that's it. my understanding is that apiserver-advertise-address is not going to happen in 1.21.

@neolit123 @aojea
Should we support multi node IPs in kubeadm init and join?

• auto-detect or with a flag --node-ips
• if dual-stack is true, detect both; if single-stack, prefer ipv4 or detect from pod-cidr first.

> --node-ip string IP address (or comma-separated dual-stack IP addresses) of the node. If unset, kubelet will use the node's default IPv4 address, if any, or its default IPv6 address if it has no IPv4 addresses. You can pass '::' to make it prefer the default IPv6 address rather than the default IPv4 address.

great catch, I think so, or your hostnetwork pods will be single-stack, that can be a problem ...

well, given kubeadm already supports passing kubelet config / flags we should just document how users can do that (KubeletConfiguration == preferred).
i don't think we should expose this is a wrapper in the kubeadm config or kubeadm flags.

arguably the kubeadm flag --node-name should not exist for similar reasons, but it's already there.

documentation is fine, I didn't want to mean to create a new option

@neolit123 node-ips auto detect should be a kubelet feature in my mind.
Currently, we can add it to the docs for reminding users.

@neolit123 node-ips auto detect should be a kubelet feature in my mind.
Currently, we can add it to the docs for reminding users.

the user has to specify the IP addresses of each family, separated by comma, there is no autodetect for dual-stack