From 08064f514ff85b87c07991e63f3077b9a39dcb27 Mon Sep 17 00:00:00 2001 From: Paco Xu Date: Mon, 8 Mar 2021 10:50:28 +0800 Subject: [PATCH] Update format and remove unrelated args from dual-stack docs Signed-off-by: pacoxu Co-authored-by: Tim Bannister --- .../services-networking/dual-stack.md | 3 +- .../tools/kubeadm/dual-stack-support.md | 54 +++++++++++-------- 2 files changed, 34 insertions(+), 23 deletions(-) diff --git a/content/en/docs/concepts/services-networking/dual-stack.md b/content/en/docs/concepts/services-networking/dual-stack.md index a8e1d9dae67f4..7f5c7ca523a24 100644 --- a/content/en/docs/concepts/services-networking/dual-stack.md +++ b/content/en/docs/concepts/services-networking/dual-stack.md @@ -242,4 +242,5 @@ Ensure your {{< glossary_tooltip text="CNI" term_id="cni" >}} provider supports * [Validate IPv4/IPv6 dual-stack](/docs/tasks/network/validate-dual-stack) networking -* [Dual-stack support with kubeadm](/docs/setup/production-environment/tools/kubeadm/dual-stack-support/) +* [Enable dual-stack networking using kubeadm +](/docs/setup/production-environment/tools/kubeadm/dual-stack-support/) diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md b/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md index 3962213cd92ce..fb3ffe1284ff1 100644 --- a/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md +++ b/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md @@ -4,44 +4,60 @@ feature: title: Dual-stack support with kubeadm content_type: task weight: 110 +min-kubernetes-server-version: 1.21 --- {{< feature-state for_k8s_version="v1.21" state="beta" >}} -IPv4/IPv6 dual-stack enables the allocation of both IPv4 and IPv6 addresses to {{< glossary_tooltip text="Pods" term_id="pod" >}} and {{< glossary_tooltip text="Services" term_id="service" >}}. +Your Kubernetes cluster can run in [dual-stack](/docs/concepts/services-networking/dual-stack/) networking mode, which means that cluster networking lets you use either address family. In a dual-stack cluster, the control plane can assign both an IPv4 address and an IPv6 address to a single {{< glossary_tooltip text="Pod" term_id="pod" >}} or a {{< glossary_tooltip text="Service" term_id="service" >}}. -## Enable dual-stack via kubeadm +## {{% heading "prerequisites" %}} -Install kubeadm following the steps from the [Installing Kubeadm](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/) documentation. +You need to have installed the {{< glossary_tooltip text="kubeadm" term_id="kubeadm" >}} tool, following the steps from [Installing kubeadm](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/). -Make sure that nodes allow IPv6 forwarding, if not, run `sudo sysctl -w net.ipv6.conf.all.forwarding=1` on every node in the cluster. +For each server that you want to use as a {{< glossary_tooltip text="node" term_id="node" >}}, make sure it allows IPv6 forwarding. On Linux, you can set this by running run `sysctl -w net.ipv6.conf.all.forwarding=1` as the root user on each server. + +You need to have an IPv4 and and IPv6 address range to use. Cluster operators typically +use private address ranges for IPv4. For IPv6, a cluster operator typically chooses a global +unicast address block from within `2000::/3`, using a range that is assigned to the operator. +You don't have to route the cluster's IP address ranges to the public internet. + +The size of the IP address allocations should be suitable for the number of Pods and +Services that you are planning to run. {{< note >}} -`kubeadm upgrade` will change `IPv6DualStack` to true by default if the feature gate is not set in an old cluster. However, cluster CIDR and service CIDR modifications are not supported. +If you are upgrading an existing cluster then, by default, the `kubeadm upgrade` command +changes the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) +`IPv6DualStack` to `true` if that is not already enabled. +However, `kubeadm` does not support making modifications to the pod IP address range +(“cluster CIDR”) nor to the cluster's Service address range (“Service CIDR”). {{< /note >}} ### Create a dual-stack cluster -To create a dual-stack cluster with `kubeadm init` you can pass the following flags: +To create a dual-stack cluster with `kubeadm init` you can pass command line arguments +similar to the following example: ```shell -kubeadm init --pod-network-cidr=10.244.0.0/16,fd00:10:244::/56 --service-cidr=10.96.0.0/16,fd00:10:96::/112 +# These address ranges are examples +kubeadm init --pod-network-cidr=10.244.0.0/16,2001:db8:42:0::/56 --service-cidr=10.96.0.0/16,2001:db8:42:1::/112 ``` To make things clearer, here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2) `kubeadm-config.yaml` for the primary dual-stack control plane node. ```yaml +--- apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration featureGates: IPv6DualStack: true networking: - podSubnet: 10.244.0.0/16,fd00:10:244::/56 - serviceSubnet: 10.96.0.0/16,fd00:10:96::/112 + podSubnet: 10.244.0.0/16,2001:db8:42:0::/56 + serviceSubnet: 10.96.0.0/16,2001:db8:42:1::/112 --- apiVersion: kubeadm.k8s.io/v1beta2 kind: InitConfiguration @@ -50,13 +66,12 @@ localAPIEndpoint: bindPort: 6443 nodeRegistration: kubeletExtraArgs: - fail-swap-on: "false" node-ip: 10.100.0.2,fd00:1:2:3::2 ``` -`advertiseAddress` in InitConfiguration specifies the IP address the API Server will advertise it's listening on. It equals to the `--apiserver-advertise-address` flag of `kubeadm init`. +`advertiseAddress` in InitConfiguration specifies the IP address that the API Server will advertise it is listening on. The value of `advertiseAddress` equals the `--apiserver-advertise-address` flag of `kubeadm init` -Run kubeadm to initiate the dual-stack control plane node. +Run kubeadm to initiate the dual-stack control plane node: ```shell kubeadm init --config=kubeadm-config.yaml @@ -65,7 +80,7 @@ kubeadm init --config=kubeadm-config.yaml Currently, the kube-controller-manager flags `--node-cidr-mask-size-ipv4|--node-cidr-mask-size-ipv6` are being left with default values. See [enable IPv4/IPv6 dual stack](/docs/concepts/services-networking/dual-stack#enable-ipv4ipv6-dual-stack). {{< note >}} -Currently the `--apiserver-advertise-address` flag does not support dual-stack. +The `--apiserver-advertise-address` flag does not support dual-stack. {{< /note >}} ### Join a node to dual-stack cluster @@ -80,11 +95,8 @@ kind: JoinConfiguration discovery: bootstrapToken: apiServerEndpoint: 10.100.0.1:6443 - token: 0c0z4p.dnafh6vnmouus569 - caCertHashes: ["sha256:fcb3e956a6880c05fc9d09714424b827f57a6fdc8afc44497180905946527adf"] nodeRegistration: kubeletExtraArgs: - fail-swap-on: "false" node-ip: 10.100.0.3,fd00:1:2:3::3 ``` @@ -99,16 +111,13 @@ controlPlane: discovery: bootstrapToken: apiServerEndpoint: 10.100.0.1:6443 - token: 0c0z4p.dnafh6vnmouus569 - caCertHashes: ["sha256:fcb3e956a6880c05fc9d09714424b827f57a6fdc8afc44497180905946527adf"] nodeRegistration: kubeletExtraArgs: - fail-swap-on: "false" node-ip: 10.100.0.4,fd00:1:2:3::4 ``` -`advertiseAddress` in JoinConfiguration.controlPlane specifies the IP address the API Server will advertise it's listening on. It equals to the `--apiserver-advertise-address` flag of `kubeadm join`. +`advertiseAddress` in JoinConfiguration.controlPlane specifies the IP address that the API Server will advertise it is listening on. The value of `advertiseAddress` equals the `--apiserver-advertise-address` flag of `kubeadm join`. ```shell kubeadm join --config=kubeadm-config.yaml ... @@ -117,7 +126,8 @@ kubeadm join --config=kubeadm-config.yaml ... ### Create a single-stack cluster {{< note >}} -Enabling the dual-stack feature doesn't mean that you need to use dual-stack addresses, i.e., you can have a single-stack cluster with the feature flag enabled. +Enabling the dual-stack feature doesn't mean that you need to use dual-stack addressing. +You can deploy a single-stack cluster that has the dual-stack networking feature enabled. {{< /note >}} In 1.21 the `IPv6DualStack` feature is Beta and the feature gate is defaulted to `true`. To disable the feature you must configure the feature gate to `false`. Note that once the feature is GA, the feature gate will be removed. @@ -141,4 +151,4 @@ networking: ## {{% heading "whatsnext" %}} * [Validate IPv4/IPv6 dual-stack](/docs/tasks/network/validate-dual-stack) networking -* [Dual-stack enabled](/docs/concepts/services-networking/dual-stack/) cluster +* Read about [Dual-stack](/docs/concepts/services-networking/dual-stack/) cluster networking