Allow pods to directly speak to the public internet on their own public IPv6 addresses.

2025-12-29 18:35:20 -05:00
parent 98a5029ccf
commit 332bab09e3
5 changed files with 15 additions and 12 deletions
--- a/nix/kubernetes/roles/kube_controller_manager/default.nix
+++ b/nix/kubernetes/roles/kube_controller_manager/default.nix
@@ -38,9 +38,11 @@ in
            "${pkgs.kubernetes}/bin/kube-controller-manager"
            "--bind-address=0.0.0.0"
            # "--cluster-cidr=10.200.0.0/16"
-            # "--cluster-cidr=2620:11f:7001:7:ffff:ffff:0ac8:0000/16"
+            # "--cluster-cidr=2620:11f:7001:7:ffff:ffff:0ac8:0000/96"
            "--allocate-node-cidrs=true"
-            "--cluster-cidr=10.200.0.0/16,fd49:0595:2bba::/48"
+            "--cluster-cidr=10.200.0.0/16,2620:11f:7001:7:ffff:eeee::/96"
+            "--node-cidr-mask-size-ipv4=20" # default is 24
+            "--node-cidr-mask-size-ipv6=112" # default is 64, must be smaller than cluster-cidr mask
            "--cluster-name=kubernetes"
            "--cluster-signing-cert-file=/.persist/keys/kube/ca.crt"
            "--cluster-signing-key-file=/.persist/keys/kube/ca.key"