dualstack: DNS always returns both IP families regardless of service configuration
Closed this issue · 0 comments
howardjohn commented
This is a WDS limitation. There is no current way to encode the info.
We have a Service with no vips, and a workload with 2 IPs. In Kubernetes, we have an additional bit of metadata: the ipFamilies.
Without this, we cannot properly return an empty response.
Reproduce with `dig AAAA echo-headless.default.svc.cluster.local`
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-headless
spec:
  selector:
    matchLabels:
      app: echo-headless
  template:
    metadata:
      labels:
        app: echo-headless
    spec:
      securityContext:
        sysctls:
        - name: net.ipv4.ip_unprivileged_port_start
          value: "0"
      containers:
      - name: echo
        image: gcr.io/istio-testing/app:latest
        imagePullPolicy: IfNotPresent
        args:
        - --tcp=9090
        - --tcp=9091
        - --server-first=9091
        - --port=80
        - --grpc=7070
        - --port=443
        - --tls=443
        - --crt=/cert.crt
        - --key=/cert.key
        env:
        - name: INSTANCE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
---
apiVersion: v1
kind: Service
metadata:
  name: echo-headless
spec:
  selector:
    app: echo-headless
  clusterIP: None
  ports:
  - name: http
    port: 80
  - name: https
    port: 443
  - name: tcp
    port: 9090
  - name: tcp-sf
    port: 9091
  - name: grpc
    port: 7070
```
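An added example, not Istio's code and not part of the original issue: a sketch of how a headless-service answer would be selected if the Service's `ipFamilies` were available to the resolver, next to what happens when it is not. The names `answersFor`, `samplePod` and `IPFamily`, the pod addresses, and the IPv4-only Service are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// IPFamily mirrors the values of the Kubernetes Service field spec.ipFamilies.
type IPFamily string

const (
	IPv4 IPFamily = "IPv4"
	IPv6 IPFamily = "IPv6"
)

// samplePod returns constructed addresses for one dual-stack workload.
func samplePod() []netip.Addr {
	return []netip.Addr{netip.MustParseAddr("10.244.0.7"), netip.MustParseAddr("fd00:10:244::7")}
}

// answersFor returns the workload addresses a query of type qtype ("A" or
// "AAAA") should get for a headless Service. families is the Service's
// ipFamilies; nil models the issue, where that metadata cannot be consulted.
func answersFor(qtype string, families []IPFamily, workloadIPs []netip.Addr) []netip.Addr {
	want := IPv4
	if qtype == "AAAA" {
		want = IPv6
	}
	allowed := families == nil // without metadata, every family is answered
	for _, f := range families {
		allowed = allowed || f == want
	}
	if !allowed {
		return nil // family not listed on the Service: empty response
	}
	var out []netip.Addr
	for _, ip := range workloadIPs {
		if u := ip.Unmap(); (want == IPv4) == u.Is4() {
			out = append(out, u)
		}
	}
	return out
}

func main() {
	pod := samplePod()
	fmt.Println(answersFor("AAAA", nil, pod))              // metadata missing
	fmt.Println(answersFor("AAAA", []IPFamily{IPv4}, pod)) // IPv4-only Service
}
```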