diff --git a/content/k3s/latest/en/installation/network-options/_index.md b/content/k3s/latest/en/installation/network-options/_index.md index 78e734929ea..0889039827e 100644 --- a/content/k3s/latest/en/installation/network-options/_index.md +++ b/content/k3s/latest/en/installation/network-options/_index.md @@ -74,15 +74,24 @@ You should see that IP forwarding is set to true. Dual-stack networking must be configured when the cluster is first created. It cannot be enabled on an existing single-stack cluster. +Dual-stack is supported on k3s v1.21 or above. + To enable dual-stack in k3s, you must provide valid dual-stack `cluster-cidr` and `service-cidr`, and set `disable-network-policy` on all server nodes. Both servers and agents must provide valid dual-stack `node-ip` settings. Node address auto-detection and network policy enforcement are not supported on dual-stack clusters when using the default flannel CNI. Besides, only vxlan backend is supported at the moment. This is an example of a valid configuration: ``` -node-ip: 10.0.10.7,2a05:d012:c6f:4611:5c2:5602:eed2:898c -cluster-cidr: 10.42.0.0/16,2001:cafe:42:0::/56 -service-cidr: 10.43.0.0/16,2001:cafe:42:1::/112 -disable-network-policy: true +k3s server --node-ip 10.0.10.7,2a05:d012:c6f:4611:5c2:5602:eed2:898c --cluster-cidr 10.42.0.0/16,2001:cafe:42:0::/56 --service-cidr 10.43.0.0/16,2001:cafe:42:1::/112 --disable-network-policy ``` Note that you can choose whatever `cluster-cidr` and `service-cidr` value, however the `node-ip` values must correspond to the ip addresses of your main interface. Remember to allow ipv6 traffic if you are deploying in a public cloud. If you are using a custom cni plugin, i.e. a cni plugin different from flannel, the previous configuration might not be enough to enable dual-stack in the cni plugin. Please check how to enable dual-stack in its documentation and verify if network policies can be enabled. + +### IPv6 only installation + +IPv6 only setup is supported on k3s v1.22 or above. As in dual-stack operation, IPv6 node addresses cannot be auto-detected; all nodes must have an explicitly configured IPv6 `node-ip`. This is an example of a valid configuration: + +``` +k3s server --node-ip 2a05:d012:c6f:4611:5c2:5602:eed2:898c --cluster-cidr 2001:cafe:42:0::/56 --service-cidr 2001:cafe:42:1::/112 --disable-network-policy +``` + +Note that you can specify only one IPv6 `cluster-cidr` value. diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/firewall/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/firewall/_index.md index f3ee9defadd..67c6f880325 100644 --- a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/firewall/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/firewall/_index.md @@ -3,7 +3,7 @@ title: Opening Ports with firewalld weight: 1 --- -> We recommend disabling firewalld. For Kubernetes 1.19, firewalld must be turned off. +> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm. diff --git a/content/rancher/v2.5/en/installation/resources/advanced/firewall/_index.md b/content/rancher/v2.5/en/installation/resources/advanced/firewall/_index.md index b779951aa7b..2ff27022f24 100644 --- a/content/rancher/v2.5/en/installation/resources/advanced/firewall/_index.md +++ b/content/rancher/v2.5/en/installation/resources/advanced/firewall/_index.md @@ -5,7 +5,7 @@ aliases: - /rancher/v2.x/en/installation/resources/advanced/firewall/ --- -> We recommend disabling firewalld. For Kubernetes 1.19, firewalld must be turned off. +> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm. diff --git a/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md b/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md index 291cee6d594..69c1afae91d 100644 --- a/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md +++ b/content/rancher/v2.6/en/installation/resources/advanced/firewall/_index.md @@ -3,7 +3,7 @@ title: Opening Ports with firewalld weight: 1 --- -> We recommend disabling firewalld. For Kubernetes 1.19, firewalld must be turned off. +> We recommend disabling firewalld. For Kubernetes 1.19.x and higher, firewalld must be turned off. Some distributions of Linux [derived from RHEL,](https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#Rebuilds) including Oracle Linux, may have default firewall rules that block communication with Helm.