Allow pods to directly speak to the public internet on their own public IPv6 addresses.

2025-12-29 18:35:20 -05:00
parent d1c7a0bfca
commit b504dc4d66
5 changed files with 15 additions and 12 deletions
--- a/nix/kubernetes/roles/kube_controller_manager/default.nix
+++ b/nix/kubernetes/roles/kube_controller_manager/default.nix
@@ -38,9 +38,11 @@ in
            "${pkgs.kubernetes}/bin/kube-controller-manager"
            "--bind-address=0.0.0.0"
            # "--cluster-cidr=10.200.0.0/16"
-            # "--cluster-cidr=2620:11f:7001:7:ffff:ffff:0ac8:0000/16"
+            # "--cluster-cidr=2620:11f:7001:7:ffff:ffff:0ac8:0000/96"
            "--allocate-node-cidrs=true"
-            "--cluster-cidr=10.200.0.0/16,fd49:0595:2bba::/48"
+            "--cluster-cidr=10.200.0.0/16,2620:11f:7001:7:ffff:eeee::/96"
+            "--node-cidr-mask-size-ipv4=20" # default is 24
+            "--node-cidr-mask-size-ipv6=112" # default is 64, must be smaller than cluster-cidr mask
            "--cluster-name=kubernetes"
            "--cluster-signing-cert-file=/.persist/keys/kube/ca.crt"
            "--cluster-signing-key-file=/.persist/keys/kube/ca.key"
--- a/nix/kubernetes/roles/kube_proxy/default.nix
+++ b/nix/kubernetes/roles/kube_proxy/default.nix
@@ -33,7 +33,7 @@ in
        mode = "iptables";
        # clusterCIDR = "10.200.0.0/16";
        # clusterCIDR = "2620:11f:7001:7:ffff:ffff:0ac8:0000/16";
-        clusterCIDR = "10.200.0.0/16,fd49:0595:2bba::/48";
+        clusterCIDR = "10.200.0.0/16,2620:11f:7001:7:ffff:eeee::/96";
      };
      description = ''
        kubelet-config.yaml
@@ -57,7 +57,7 @@ in
            "${pkgs.kubernetes}/bin/kube-proxy"
            "--config=${config_file}"
            "--nodeport-addresses=primary"
-            "--cluster-cidr=10.200.0.0/16,fd49:0595:2bba::/48"
+            "--cluster-cidr=10.200.0.0/16,2620:11f:7001:7:ffff:eeee::/96"
          ]
        );
        Restart = "on-failure";