Define a dual-stack virtual network with both IPv4 and IPv6 private address space. Change the host_cidr variable (string) to a network_cidr variable (object) with "ipv4" and "ipv6" fields that list CIDR strings.
Define dual-stack controller and worker subnets. Disable Azure default outbound access (a deprecated fallback mechanism).
Enable dual-stack load balancing to Kubernetes Ingress by adding a public IPv6 frontend IP and LB rule to the load balancer.
Enable worker outbound IPv6 connectivity through load balancer SNAT by adding an IPv6 frontend IP and outbound rule.
Configure controller nodes with a public IPv6 address to provide direct outbound IPv6 connectivity.
Add an IPv6 worker backend pool. Azure requires separate IPv4 and IPv6 backend pools, though the health probe can be shared.
Extend network security group rules for IPv6 sources/destinations.
Checklist:
[x] Access to controller and worker nodes via IPv6 addresses:
SSH access to controller nodes via public IPv6 address
SSH access to worker nodes via (private) IPv6 address (via controller)
[x] Outbound IPv6 connectivity from controller and worker nodes:
nc -6 -zv ipv6.google.com 80
Ncat: Version 7.94 ( https://nmap.org/ncat )
Ncat: Connected to [2607:f8b0:4001:c16::66]:80.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
[x] Serving Ingress traffic via IPv4 or IPv6 just requires setting up A and AAAA records and running the ingress controller with hostNetwork: true, since hostPort only forwards IPv4 traffic.