kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

The following targets cannot be used with this IPv6 target group because of missing primary IPv6 addresses #3692

Closed kaykhan closed 4 months ago

kaykhan commented 4 months ago

I have provisioned a test k8s cluster using https://github.com/terraform-aws-modules/terraform-aws-eks. I am trying to expose an example service externally using https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/

However, I'm getting the following error:

The following targets cannot be used with this IPv6 target group because of missing primary IPv6 addresses

{"level":"error","ts":"2024-05-13T10:04:00Z","msg":"Reconciler error","controller":"targetGroupBinding","controllerGroup":"elbv2.k8s.aws","controllerKind":"TargetGroupBinding","TargetGroupBinding":{"name":"k8s-echoserv-echoserv-a104e9d027","namespace":"echoserver"},"namespace":"echoserver","name":"k8s-echoserv-echoserv-a104e9d027","reconcileID":"eeb07b44-8529-4196-9d3a-27a23b487d3a","error":"InvalidTarget: The following targets cannot be used with this IPv6 target group because of missing primary IPv6 addresses: i-09ec9f135d3d2c537', 'i-078902b4d1174b6aa', 'i-0a108ad067bac1820', 'i-035e6893ce492052d\n\tstatus code: 400, request id: 7bedf7f7-d2a2-4219-8155-0637b85083ea"}

Would appreciate if someone could help me understand this.

It looks like there is a setting to enable Assign primary IPv6 IP under EC2 -> Networking -> Manage IP Addresses. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html?icmpid=docs_ec2_console#managing-network-interface-ip-addresses

Should this be enabled on the ec2 instances?


apiVersion: v1
kind: Namespace
metadata:
  name: echoserver
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver4
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  type: NodePort
  selector:
    app: echoserver4
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver4
  namespace: echoserver
spec:
  selector:
    matchLabels:
      app: echoserver4
  replicas: 1
  template:
    metadata:
      labels:
        app: echoserver4
    spec:
      containers:
      - image: k8s.gcr.io/e2e-test-images/echoserver:2.5
        imagePullPolicy: Always
        name: echoserver4
        ports:
        - containerPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echoserver4
  namespace: echoserver
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
    alb.ingress.kubernetes.io/ip-address-type: dualstack
spec:
  ingressClassName: alb
  rules:
    - host: echoserver4.acme-test.com
      http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: echoserver4
                port:
                  number: 80

wweiwei-li commented 4 months ago

Yes, to use an IPv6 target group, your instances should have a primary IPv6 address. This should be enabled on the EC2 instances side. The setting to enable Assign primary IPv6 IP is under EC2 -> Networking -> Manage IP Addresses -> enable Assign primary ipv6

michal-sa commented 3 months ago

@kaykhan did you solve this with terraform and the EKS module somehow? I'm currently encountering the same issues but can't find any way to enable it through IaC.

kaykhan commented 3 months ago

> @kaykhan did you solve this with terraform and the EKS module somehow? I'm currently encountering the same issues but can't find any way to enable it through IaC.

Hi @michal-sa, yes, I managed to resolve this. When using ipv6, the target-type cannot be instance and must instead be ip.

https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/annotations/#target-type

https://aws.amazon.com/blogs/containers/amazon-eks-launches-ipv6-support/

ALB and NLB in the current phase of their IPv6 support allow dual-stack for internet-facing (frontend) endpoints. Both IPv4 and IPv6 clients can connect to NLB or ALB in dual-mode. EKS IPv6 clusters provision ALB and NLB in dual stack IP mode when you add an annotation service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack to your service or ingress manifests. NLB and ALB use target types to define the destination targets. As of today, you can configure the ingress type with the annotation alb.ingress.kubernetes.io/target-type: ip only. Targets of type instance are not supported.

Working example (assumes your cluster is set up correctly):

apiVersion: v1
kind: Namespace
metadata:
  name: echoserver
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  type: NodePort
  selector:
    app: echoserver
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  selector:
    matchLabels:
      app: echoserver
  replicas: 3
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - image: k8s.gcr.io/e2e-test-images/echoserver:2.5
        imagePullPolicy: Always
        name: echoserver
        ports:
        - containerPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  labels:
    app: echoserver
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
    alb.ingress.kubernetes.io/ip-address-type: dualstack
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: <YOUR CERT>
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/healthcheck-path: /health
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
spec:
  ingressClassName: alb
  rules:
    - host: echoserver.<YOUR_DOMAIN>.com
      http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: echoserver
                port:
                  number: 80
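
An added example, not part of the original thread or the controller's code: a check for the mismatch resolved above, for an EKS IPv6 cluster like the one in this thread. It flags ALB Ingresses that request `dualstack` without `target-type: ip`; the sample input is constructed, the function name is hypothetical, and it assumes the controller's default target-type of `instance` applies when the annotation is absent.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

# Constructed sample shaped like `kubectl get ingress -A -o json` output,
# trimmed to the fields the check reads.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "echoserver4", "namespace": "echoserver",
    "annotations": {
      "alb.ingress.kubernetes.io/scheme": "internet-facing",
      "alb.ingress.kubernetes.io/ip-address-type": "dualstack"}},
   "spec": {"ingressClassName": "alb"}},
  {"metadata": {"name": "echoserver", "namespace": "echoserver",
    "annotations": {
      "alb.ingress.kubernetes.io/ip-address-type": "dualstack",
      "alb.ingress.kubernetes.io/target-type": "ip"}},
   "spec": {"ingressClassName": "alb"}},
  {"metadata": {"name": "legacy", "namespace": "default"},
   "spec": {"ingressClassName": "nginx"}}
]}
""")


def find_ipv6_target_mismatches(ingress_list, alb_class="alb"):
    """Return (namespace, name, effective target-type) for ALB Ingresses that
    request dualstack but would register instance targets."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        ann = meta.get("annotations") or {}
        # Only Ingresses handled by the ALB ingress class are relevant.
        if item.get("spec", {}).get("ingressClassName") != alb_class:
            continue
        if ann.get(PREFIX + "ip-address-type", "ipv4") != "dualstack":
            continue
        # Assumption: with no annotation the controller falls back to
        # target-type "instance" (its documented default).
        target_type = ann.get(PREFIX + "target-type", "instance")
        if target_type != "ip":
            findings.append((meta.get("namespace", "default"), meta["name"], target_type))
    return findings


if __name__ == "__main__":
    for ns, name, tt in find_ipv6_target_mismatches(SAMPLE):
        print(f"{ns}/{name}: dualstack with target-type={tt}; set target-type: ip")
```

To run it against a live cluster, replace `SAMPLE` with the parsed output of `kubectl get ingress -A -o json`.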

michal-sa commented 3 months ago

Thank you for the really fast response @kaykhan :smile: It worked just fine to change it to the ip type. Missed that part in the blog.

kaykhan commented 3 months ago

> Thank you for the really fast response @kaykhan 😄 It worked just fine to change it to the ip type. Missed that part in the blog.

You're welcome, yes, it's quite easy to miss.