diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 4d5eb1ea02d..4bb5a493013 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -251,8 +251,10 @@ func (r *ResourceRender) Service() (*corev1.Service, error) { // Set IP family policy and families based on proxy config request ipFamily := r.infra.GetProxyConfig().Spec.IPFamily if ipFamily != nil { - // SingleStack+IPv4 is default behavior from K8s and so is omitted switch *ipFamily { + case egv1a1.IPv4: + serviceSpec.IPFamilies = []corev1.IPFamily{corev1.IPv4Protocol} + serviceSpec.IPFamilyPolicy = ptr.To(corev1.IPFamilyPolicySingleStack) case egv1a1.IPv6: serviceSpec.IPFamilies = []corev1.IPFamily{corev1.IPv6Protocol} serviceSpec.IPFamilyPolicy = ptr.To(corev1.IPFamilyPolicySingleStack) diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index 843712a966d..5a22a4c9066 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -1864,8 +1864,8 @@ func TestIPFamilyPresentInSpec(t *testing.T) { { "ipv4 specified", ptr.To(egv1a1.IPv4), - nil, - nil, + []corev1.IPFamily{corev1.IPv4Protocol}, + ptr.To(corev1.IPFamilyPolicySingleStack), }, { "ipv6 specified", diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml index 9ad424d2422..3e6fcef3dd7 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml @@ -17,6 +17,9 @@ metadata: uid: test-owner-reference-uid-for-gatewayclass spec: externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack ports: - name: EnvoyHTTPPort port: 0 diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 50832849a8a..8ab91378835 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -39,6 +39,7 @@ bug fixes: | Fixed bug in certificate SANs overlap detection in listeners. Fixed issue where EnvoyExtensionPolicy ExtProc body processing mode is set to FullDuplexStreamed, but trailers were not sent. Fixed validation issue where EnvoyExtensionPolicy ExtProc failOpen is true, and body processing mode FullDuplexStreamed is not rejected. + Fixed bug with IPv6, dual stack clusters and ipFamily IPV4 where the Service was IPv6. # Enhancements that improve performance.