Merge pull request #3976 from rancher/master-to-staging

Master to staging
2026-05-16 10:03:28 +00:00 · 2022-03-23 17:56:55 -04:00
parent 7fba815648 9e6c852d94
commit d089cb581b
4 changed files with 16 additions and 7 deletions
@@ -74,15 +74,24 @@ You should see that IP forwarding is set to true.

 Dual-stack networking must be configured when the cluster is first created. It cannot be enabled on an existing single-stack cluster.

+Dual-stack is supported on k3s v1.21 or above.
+
 To enable dual-stack in k3s, you must provide valid dual-stack `cluster-cidr` and `service-cidr`, and set `disable-network-policy` on all server nodes. Both servers and agents must provide valid dual-stack `node-ip` settings. Node address auto-detection and network policy enforcement are not supported on dual-stack clusters when using the default flannel CNI. Besides, only vxlan backend is supported at the moment. This is an example of a valid configuration:

 ```
-node-ip: 10.0.10.7,2a05:d012:c6f:4611:5c2:5602:eed2:898c
-cluster-cidr: 10.42.0.0/16,2001:cafe:42:0::/56
-service-cidr: 10.43.0.0/16,2001:cafe:42:1::/112
-disable-network-policy: true
+k3s server --node-ip 10.0.10.7,2a05:d012:c6f:4611:5c2:5602:eed2:898c --cluster-cidr 10.42.0.0/16,2001:cafe:42:0::/56 --service-cidr 10.43.0.0/16,2001:cafe:42:1::/112 --disable-network-policy
 ```

 Note that you can choose whatever `cluster-cidr` and `service-cidr` value, however the `node-ip` values must correspond to the ip addresses of your main interface. Remember to allow ipv6 traffic if you are deploying in a public cloud.

 If you are using a custom cni plugin, i.e. a cni plugin different from flannel, the previous configuration might not be enough to enable dual-stack in the cni plugin. Please check how to enable dual-stack in its documentation and verify if network policies can be enabled.
+
+### IPv6 only installation
+
+IPv6 only setup is supported on k3s v1.22 or above. As in dual-stack operation, IPv6 node addresses cannot be auto-detected; all nodes must have an explicitly configured IPv6 `node-ip`. This is an example of a valid configuration:
+
+```
+k3s server --node-ip 2a05:d012:c6f:4611:5c2:5602:eed2:898c --cluster-cidr 2001:cafe:42:0::/56 --service-cidr 2001:cafe:42:1::/112 --disable-network-policy
+```
+
+Note that you can specify only one IPv6 `cluster-cidr` value.
@@ -3,7 +3,7 @@ title: Opening Ports with firewalld
 weight: 1
 ---

-> We recommend disabling firewalld. For Kubernetes 1.19, firewalld must be turned off.
+> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off.

 Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm.

@@ -5,7 +5,7 @@ aliases:
  - /rancher/v2.x/en/installation/resources/advanced/firewall/
 ---

-> We recommend disabling firewalld. For Kubernetes 1.19, firewalld must be turned off.
+> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off.

 Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm.

@@ -3,7 +3,7 @@ title: Opening Ports with firewalld
 weight: 1
 ---

-> We recommend disabling firewalld. For Kubernetes 1.19, firewalld must be turned off.
+> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off.

 Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm.