How do I expose my incoming Ingress traffic to both IPv4 or IPv6 on AKS?
From Kubernetes v1.16 IPv4/IPv6 dual-stack is added as alpha feature, which means you need to enable it via feature gates.
To enable IPv4/IPv6 dual-stack, enable the
IPv6DualStackfeature gate for the relevant components of your cluster, and set dual-stack cluster network assignments:
- kube-apiserver:-
--feature-gates="IPv6DualStack=true"- kube-controller-manager:-
--feature-gates="IPv6DualStack=true"---cluster-cidr=<IPv4 CIDR>,<IPv6 CIDR>---service-cluster-ip-range=<IPv4 CIDR>,<IPv6 CIDR>---node-cidr-mask-size-ipv4|--node-cidr-mask-size-ipv6defaults to /24 for IPv4 and /64 for IPv6- kubelet:-
--feature-gates="IPv6DualStack=true"- kube-proxy:-
--cluster-cidr=<IPv4 CIDR>,<IPv6 CIDR>---feature-gates="IPv6DualStack=true"Note: An example of an IPv4 CIDR:
10.244.0.0/16(though you would supply your own address range) An example of an IPv6 CIDR:fdXY:IJKL:MNOP:15::/64(this shows the format but is not a valid address - see RFC 4193)
You also need a CNI which will support the dual-stack for example Calico and you can check how to Enable dual stack.
Unfortunately I do not know how to do that on AKS.
To allow both IPv4 and IPV6, the easiest would be to configure two kubernetes service for your NGINX Ingress Controller.
Deploy your Charts normally and augment it with a raw kubernetes manifest based on https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/templates/controller-service.yaml
one service will default to the IPFamily IPv4 while the second service should set the ipFamily to IPv6
https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
This will allow you to have to frontendIP ready to handle the IPv4 and IPv6 traffic.
You could then used the external-DNS service to have both IPs (v4/v6) with the same DNS hostname. (one A record, and one AAAA record).