istio/ztunnel

dualstack: DNS always returns both IP families regardless of service configuration

Closed this issue · 0 comments

This is a WDS limitation. There is no current way to encode the info.

We have a Service with no VIPs, and a workload with 2 IPs. In Kubernetes, we have an additional bit of metadata: the ipFamilies.

Without this, we cannot properly return an empty response.

Reproduce with `dig AAAA echo-headless.default.svc.cluster.local`

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-headless
spec:
  selector:
    matchLabels:
      app: echo-headless
  template:
    metadata:
      labels:
        app: echo-headless
    spec:
      securityContext:
        sysctls:
        # lets the unprivileged echo container bind ports 80 and 443
        - name: net.ipv4.ip_unprivileged_port_start
          value: "0"
      containers:
      - name: echo
        image: gcr.io/istio-testing/app:latest
        imagePullPolicy: IfNotPresent
        args:
        - --tcp=9090
        - --tcp=9091
        - --server-first=9091
        - --port=80
        - --grpc=7070
        - --port=443
        - --tls=443
        - --crt=/cert.crt
        - --key=/cert.key
        env:
        - name: INSTANCE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
---
apiVersion: v1
kind: Service
metadata:
  name: echo-headless
spec:
  selector:
    app: echo-headless
  # headless: no ClusterIP/VIP, DNS answers come from the pod addresses
  clusterIP: None
  # ipFamilies is left unset here, so the cluster default applies
  ports:
  - name: http
    port: 80
  - name: https
    port: 443
  - name: tcp
    port: 9090
  - name: tcp-sf
    port: 9091
  - name: grpc
    port: 7070
```
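To make the missing piece of metadata concrete, here is an added illustration in Rust. It is not ztunnel's code and not part of the issue above: a minimal resolver for a headless Service that answers A/AAAA queries straight from workload addresses, taking the Service's ipFamilies as an optional input. The type names, the `resolve_headless` function and the pod addresses are assumptions constructed for the example.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// The IP families a Kubernetes Service is configured to serve (its `ipFamilies`).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum IpFamily {
    V4,
    V6,
}

/// The DNS record type being queried.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum RecordType {
    A,
    Aaaa,
}

impl RecordType {
    /// Which address family a record type carries.
    fn family(self) -> IpFamily {
        match self {
            RecordType::A => IpFamily::V4,
            RecordType::Aaaa => IpFamily::V6,
        }
    }
}

/// What the resolver hands back for a headless-service name.
#[derive(Debug, PartialEq, Eq)]
pub enum Answer {
    /// NOERROR with records of the requested type.
    Records(Vec<IpAddr>),
    /// NOERROR with an empty answer section: the name exists but has no
    /// records of this type (what kube-dns returns for an AAAA query
    /// against an IPv4-only Service).
    NoData,
}

fn family_of(addr: IpAddr) -> IpFamily {
    match addr {
        IpAddr::V4(_) => IpFamily::V4,
        IpAddr::V6(_) => IpFamily::V6,
    }
}

/// Answer an A/AAAA query for a headless Service (no VIPs) from its workload
/// addresses. `ip_families` is the Service's `ipFamilies` when the resolver
/// has it; `None` models the gap in the issue, where the workload-discovery
/// data does not carry that field. (Hypothetical helper, not ztunnel's API.)
pub fn resolve_headless(
    workload_ips: &[IpAddr],
    ip_families: Option<&[IpFamily]>,
    qtype: RecordType,
) -> Answer {
    let wanted = qtype.family();

    // With ipFamilies known, a query for a family the Service does not serve
    // is answered NODATA even if the pod happens to have such an address.
    if let Some(families) = ip_families {
        if !families.contains(&wanted) {
            return Answer::NoData;
        }
    }

    // Otherwise return every workload address of the requested family. Without
    // ipFamilies this is all the resolver knows, so a dual-stack pod behind a
    // single-stack Service gets its second address returned here.
    let records: Vec<IpAddr> = workload_ips
        .iter()
        .copied()
        .filter(|ip| family_of(*ip) == wanted)
        .collect();

    if records.is_empty() {
        Answer::NoData
    } else {
        Answer::Records(records)
    }
}

/// Constructed sample: one dual-stack pod (addresses are illustrative only).
pub fn sample_workload_ips() -> Vec<IpAddr> {
    vec![
        IpAddr::V4(Ipv4Addr::new(10, 244, 1, 7)),
        IpAddr::V6(Ipv6Addr::new(0xfd00, 0x10, 0x244, 0, 0, 0, 0, 0x7)),
    ]
}

fn main() {
    let ips = sample_workload_ips();
    let v4_only: &[IpFamily] = &[IpFamily::V4];
    // No ipFamilies available: AAAA is answered with the pod's v6 address.
    println!("no ipFamilies, AAAA: {:?}", resolve_headless(&ips, None, RecordType::Aaaa));
    // ipFamilies=[IPv4] known: AAAA gets an empty (NODATA) answer, A still works.
    println!("IPv4-only, AAAA: {:?}", resolve_headless(&ips, Some(v4_only), RecordType::Aaaa));
    println!("IPv4-only, A: {:?}", resolve_headless(&ips, Some(v4_only), RecordType::A));
}
```

The two `resolve_headless` calls with and without `ip_families` are the difference the issue describes: the filtering by record type is identical, but only the second input lets the resolver distinguish "this Service is IPv4-only" from "this pod has no IPv6 address".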