From 3de7613b50fb8bab1b3049f3cf3da3044211c651 Mon Sep 17 00:00:00 2001
From: Mike Beaumont
Date: Mon, 23 Jun 2025 22:47:13 +0200
Subject: [PATCH 1/2] fix: create IPv4 Service with ipFamily IPv4 on dual-stack, IPv6-first cluster

Signed-off-by: Mike Beaumont
---
 internal/infrastructure/kubernetes/proxy/resource_provider.go | 4 +++-
 .../infrastructure/kubernetes/proxy/resource_provider_test.go | 4 ++--
 .../kubernetes/proxy/testdata/services/ipv4-singlestack.yaml | 3 +++
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go
index 4d5eb1ea02d..4bb5a493013 100644
--- a/internal/infrastructure/kubernetes/proxy/resource_provider.go
+++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go
@@ -251,8 +251,10 @@ func (r *ResourceRender) Service() (*corev1.Service, error) {
 // Set IP family policy and families based on proxy config request
 ipFamily := r.infra.GetProxyConfig().Spec.IPFamily
 if ipFamily != nil {
- // SingleStack+IPv4 is default behavior from K8s and so is omitted
 switch *ipFamily {
+ case egv1a1.IPv4:
+ serviceSpec.IPFamilies = []corev1.IPFamily{corev1.IPv4Protocol}
+ serviceSpec.IPFamilyPolicy = ptr.To(corev1.IPFamilyPolicySingleStack)
 case egv1a1.IPv6:
 serviceSpec.IPFamilies = []corev1.IPFamily{corev1.IPv6Protocol}
 serviceSpec.IPFamilyPolicy = ptr.To(corev1.IPFamilyPolicySingleStack)
diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go
index 843712a966d..5a22a4c9066 100644
--- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go
+++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go
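Review bot: The `IPFamilies` and `IPFamilyPolicy` values now set under `case egv1a1.IPv4:` in `Service()` (resource_provider.go) will also be rendered for Services that already exist, and Kubernetes does not allow the primary entry of `spec.ipFamilies` to be changed on an existing Service. A Service that was created as IPv6 on an IPv6-first cluster would therefore presumably have the update rejected and keep its IPv6 address until it is deleted and recreated. The apply path is outside this hunk, so please confirm how that case is handled and mention it in the release note. The removed comment should also be replaced by one that records the reason, for example `// Set explicitly: on a dual-stack cluster whose primary family is IPv6, leaving these unset yields an IPv6 Service.`. The body of `Service()` starts and ends outside the hunk.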
@@ -1864,8 +1864,8 @@ func TestIPFamilyPresentInSpec(t *testing.T) {
 {
 "ipv4 specified",
 ptr.To(egv1a1.IPv4),
- nil,
- nil,
+ []corev1.IPFamily{corev1.IPv4Protocol},
+ ptr.To(corev1.IPFamilyPolicySingleStack),
 },
 {
 "ipv6 specified",
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml
index 9ad424d2422..3e6fcef3dd7 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml
@@ -17,6 +17,9 @@ metadata:
 uid: test-owner-reference-uid-for-gatewayclass
 spec:
 externalTrafficPolicy: Local
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
 ports:
 - name: EnvoyHTTPPort
 port: 0
From bff3ba828537f5a7786785fae2fc9b6a29858f95 Mon Sep 17 00:00:00 2001
From: Mike Beaumont
Date: Mon, 23 Jun 2025 22:55:04 +0200
Subject: [PATCH 2/2] chore: changelog

Signed-off-by: Mike Beaumont
---
 release-notes/current.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/release-notes/current.yaml b/release-notes/current.yaml
index 50832849a8a..8ab91378835 100644
--- a/release-notes/current.yaml
+++ b/release-notes/current.yaml
@@ -39,6 +39,7 @@ bug fixes: |
 Fixed bug in certificate SANs overlap detection in listeners.
 Fixed issue where EnvoyExtensionPolicy ExtProc body processing mode is set to FullDuplexStreamed, but trailers were not sent.
 Fixed validation issue where EnvoyExtensionPolicy ExtProc failOpen is true, and body processing mode FullDuplexStreamed is not rejected.
+ Fixed bug with IPv6, dual stack clusters and ipFamily IPV4 where the Service was IPv6.
 # Enhancements that improve performance.