Cannot set the IPv6 addresses in dualstack mode during modification

[witalisoft]

Describe the bug

Changing the IP Address Type to dualstack (via annotation service.beta.kubernetes.io/aws-load-balancer-ip-address-type) with a provided list of IPv6 addresses (via annotation service.beta.kubernetes.io/aws-load-balancer-ipv6-addresses) is not being reflected (still using the randomly selected IP from IPv6 range). AWS Console gives the option to specify the IPv6 address. Creating instead of modifying the LoadBalancer, which works as expected.

Steps to reproduce

Initial Kubernetes service specification:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-name: test
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-type: external
  name: test
spec:
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: https
    port: 443
    targetPort: https
  selector:
    app.kubernetes.io/name: kubernetes-ingress
  type: LoadBalancer

Migration to dualstack mode with specified IPv6 addresses

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ip-address-type: dualstack
    service.beta.kubernetes.io/aws-load-balancer-ipv6-addresses: <list of IPv6 addresses>
    service.beta.kubernetes.io/aws-load-balancer-name: test
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-type: external
  name: test
spec:
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: https
    port: 443
    targetPort: https
  selector:
    app.kubernetes.io/name: kubernetes-ingress
  type: LoadBalancer

Expected outcome

IPv6 addresses specified in annotation service.beta.kubernetes.io/aws-load-balancer-ipv6-addresses should be taken in a dualstack mode.

Environment

• AWS Load Balancer controller version

2.8.0

• Kubernetes version

v1.27

• Using EKS (yes/no), if so version?

v1.27.13-eks-3af4770

Additional Context:

I haven't found any references during the update process to make it possible - https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/pkg/deploy/elbv2/load_balancer_manager.go#L88

[ChuksGrinage]

Thanks for bringing this to our attention. We are currently working to reproduce this issue on our end

[wweiwei-li]

I can reproduce this issue. The reason the specified IPv6 address is not set because we are only checking subnetID to determine if we need to update SubnetMappings, we also need to check IPv6Address updates.

[parambath92]

Hi @wweiwei-li , I would like to take this up if this is a good first issue for a newbie :)

[wweiwei-li]

@parambath92 That would be great. Thanks for your contribution.

[wweiwei-li]

Hey @witalisoft , I took another look at this issue. I think it is not a bug. Apologies for any confusion earlier.

You cannot change the IPv6 address for existing subnets. Otherwise, you will get an API error. AWS Console gives the option to specify the IPv6 address. I think that's because you are adding a new subnet. As for controller, if you add a new subnet, the subnet mapping will be updated as well since the SubnetIDs are changed (a new subnetID is added)

Please let me know if you have any questions.

[witalisoft]

Hello @wweiwei-li, you cannot change the address IPv6, when it is already been defined. The only option is to set the IPv6 address when changing the Load balancer IP address type ie. from IPv4 to dualstack, can this path be implemented ?

[witalisoft]

@wweiwei-li ping