{"id":15027,"date":"2023-07-24T16:19:25","date_gmt":"2023-07-24T09:19:25","guid":{"rendered":"https:\/\/gcloudvn.com\/?p=15027"},"modified":"2023-08-10T11:20:09","modified_gmt":"2023-08-10T04:20:09","slug":"operational-goodies-for-your-ipv4-ipv6-dual-stack-kubernetes-clusters","status":"publish","type":"post","link":"https:\/\/gcloudvn.com\/en\/kienthuc\/operational-goodies-for-your-ipv4-ipv6-dual-stack-kubernetes-clusters\/","title":{"rendered":"Operational goodies for your IPv4\/IPv6 dual-stack Kubernetes clusters"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Is your business ready to get started with IPv6? Is your cloud provider ready to go with you? <a href=\"https:\/\/gcloudvn.com\/en\/google-kubernetes-engine-gke\/\">Google Kubernetes Engine<\/a> (GKE) now supports dual-stack Kubernetes clusters to support your enterprise&#039;s transition to IPv6 and ensure that your application is always ready. To meet the operational requirements for IPv6 workloads, Google is adding a number of features to GKE networking to extend protection for incoming and outgoing IPv6 traffic, and keep it secure, safe, and available.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The following features for dual-stack GKE clusters now include IPv6, making it easier to enable v6 workloads with solutions that use both v6 and v4 Pods:<\/span><\/p>\n<ol style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Load Balancer Services<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">FQDN Network Policies\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Dataplane V2 observability<\/span><\/li>\n<\/ol>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">These new features complement the extensive work we\u2019ve been doing for GKE to 
support IPv6 at the same level as we do IPv4. For example:<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Dual-stack clusters<\/b><span style=\"font-weight: 400;\"> \u2013 Google has supported IPv4 and IPv6 front-ends with Ingress for a while, and Google\u2019s managed Gateway API <\/span><span style=\"font-weight: 400;\">has supported them since launch. Starting December 22, 2022, dual-stack GKE clusters have been provisioned with global unicast addresses (GUA) along with unique local addresses (ULA) across <a href=\"https:\/\/gcloudvn.com\/en\/google-cloud-platform\/\">Google Cloud<\/a> VPC networks. With GKE dual-stack clusters, both nodes and Pods are assigned an IPv4 and an IPv6 address to facilitate communication over both IP families.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>DNS support<\/b><span style=\"font-weight: 400;\"> \u2013 GKE supports both IP families with many DNS solutions. From the very beginning, kube-dns has supported dual-stack with both A and AAAA records. GKE also provides a more powerful, optimized and efficient DNS service through <\/span><span style=\"font-weight: 400;\">Cloud DNS<\/span><span style=\"font-weight: 400;\">. This Google Cloud-native DNS integration includes in-cluster name resolution with full IPv4 and IPv6 support.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Dual-stack Kubernetes Services<\/b><span style=\"font-weight: 400;\"> \u2013 For Services, either single-stack IPv4, single-stack IPv6, or dual-stack addresses can be allocated. When we released dual-stack clusters, we supported clusterIP and nodePort Services. 
These fundamental constructs enable IPv6-capable Kubernetes workloads to be connected in a cluster.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Serving IPv6 to the world<\/b><span style=\"font-weight: 400;\"> \u2013 GKE clusters have long been able to expose your workloads whenever needed through Kubernetes Ingress services on Google Cloud. By deploying Gateway and Ingress services on GKE, you will get the benefits of Google Networking at the edge to serve and protect with IPv6! Both the Kubernetes Gateway API and Ingress on GKE use the tried-and-true <\/span><span style=\"font-weight: 400;\">Google Cloud Load Balancers<\/span><span style=\"font-weight: 400;\">, giving you the assurance of proven infrastructure. In addition, while making IPv6 available to the world, you can protect your applications with Google <\/span><span style=\"font-weight: 400;\">Cloud Armor<\/span><span style=\"font-weight: 400;\"> security policies.<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Now, let\u2019s take a look at the latest IPv6 features and capabilities we\u2019ve developed for GKE.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"GKE_Load_Balancer_Services\"><\/span><b>GKE Load Balancer Services<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span 
style=\"font-weight: 400;\">Google is excited to announce that the Service type <\/span><i><span style=\"font-weight: 400;\">LoadBalancer <\/span><\/i><span style=\"font-weight: 400;\">is now available with dual-stack support. This means you will be able to create Kubernetes <\/span><i><span style=\"font-weight: 400;\">LoadBalancer <\/span><\/i><span style=\"font-weight: 400;\">Services and specify their IP address families. On GKE, they are deployed as Google Cloud Network Load Balancers, which can be exposed publicly or privately with the IP family of your choice (i.e. IPv4 only, IPv6 only, or both).<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Here\u2019s an example of YAML that you can use to create a dual-stack Kubernetes <\/span><i><span style=\"font-weight: 400;\">LoadBalancer <\/span><\/i><span style=\"font-weight: 400;\">Service on GKE, which is exposed as a Google Cloud Network Load Balancer:<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/operational-goodies-for-your-ipv4-ipv6-dual-stack-kubernetes-clusters\/attachment\/dual_stack_kubernetes_clusters_1\/\" rel=\"attachment wp-att-15030\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15030\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2023\/07\/dual_stack_kubernetes_clusters_1.jpg\" alt=\"Google Kubernetes Engine supports Dual-Stack Kubernetes clusters for both IPv4\/IPv6 1\" width=\"600\" height=\"375\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2023\/07\/dual_stack_kubernetes_clusters_1.jpg 598w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2023\/07\/dual_stack_kubernetes_clusters_1-18x12.jpg 18w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a>Once you\u2019ve created a dual-stack Kubernetes <\/span><i><span style=\"font-weight: 400;\">LoadBalancer <\/span><\/i><span style=\"font-weight: 400;\">Service, you can 
confirm that both an IPv4 and IPv6 address have been assigned to the Service:<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15029\" src=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2023\/07\/dual_stack_kubernetes_clusters_2.jpg\" alt=\"Google Kubernetes Engine supports Dual-Stack Kubernetes clusters for both IPv4\/IPv6 2\" width=\"600\" height=\"161\" srcset=\"https:\/\/gcloudvn.com\/wp-content\/uploads\/2023\/07\/dual_stack_kubernetes_clusters_2.jpg 598w, https:\/\/gcloudvn.com\/wp-content\/uploads\/2023\/07\/dual_stack_kubernetes_clusters_2-18x5.jpg 18w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/>You can use the standard Kubernetes API to create dual-stack Load Balancers and apply GKE annotations as you like.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"GKE_FQDN_Network_Policies\"><\/span><b>GKE FQDN Network Policies<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Google is enhancing the capabilities of GKE with dual-stack support for the fully qualified domain name (FQDN) Network Policies feature. This exciting feature elevates the network security posture of workloads deployed on GKE to account for IPv6-enabled applications.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">By leveraging both A and AAAA records, FQDN Network Policies provide enhanced network security for both IPv4 and IPv6 address types. FQDN Network Policies enforce outbound traffic policies when workloads reach specific destinations outside of GKE cluster(s) that are resolved as IPv4 or IPv6 addresses. The FQDN complements any existing endpoints that are allowed by Egress Network Policy. 
When an FQDN Network Policy is created and applied as an Egress policy, a DENY directive is applied to all endpoints that are not specified as whitelisted destinations.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">These capabilities provide network security consistency across both IPv4 and IPv6 as you bring your IPv6-capable workloads onto GKE.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"GKE_Dataplane_V2_observability\"><\/span><b>GKE Dataplane V2 observability<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Opening up a world of metrics \u2014 our GKE Dataplane V2 observability launch brings visibility into your IPv4\/IPv6 workloads. This feature set includes metrics and troubleshooting tools to make your dual-stack GKE clusters operationally ready. The GKE Dataplane V2 observability stack enables you to have dual-stack Pod traffic metrics for the network info you care about. You can use Cloud Monitoring Metrics Explorer to monitor Dataplane V2 metrics for your IPv6 workloads, while our Managed <\/span><a href=\"https:\/\/github.com\/cilium\/hubble\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">Hubble<\/span><\/a><span style=\"font-weight: 400;\"> solution for IPv6 Kubernetes workloads on GKE allows you to troubleshoot environments. The open source Hubble project is an observability platform built on top of Cilium and eBPF. Built for GKE&#039;s Dataplane V2, the Managed Hubble UI gives you the ability to display Network Policy enforcement and connection information in the form of a service map and a Network Policy decision table. 
Finally, a CLI for live interactive troubleshooting allows you to better understand your dual-stack Kubernetes workloads.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Get_ready_for_dual-stack_GKE_Clusters\"><\/span><b>Get ready for dual-stack GKE Clusters<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Currently, Google users think of dual-stack clusters as a stepping stone to an IPv6-only world. Together, this feature set improves the availability of Kubernetes workloads for IPv6. Going to full production with IPv6 means that Google is demonstrating a readiness for operations with high levels of availability, security, and visibility. These releases will give you more confidence when running dual-stack workloads on GKE.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">To read more, check out Google&#039;s resources on its current dual-stack capabilities.<\/span><\/p>\n<p style=\"text-align: justify;\"><b>Explore more:<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/concepts\/alias-ips#dual_stack_network\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">GKE dual-stack clusters network overview<\/span><\/a><\/li>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/how-to\/alias-ips#dual-stack\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">GKE dual-stack cluster creation on an IPv4\/IPv6 network<\/span><\/a><\/li>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/how-to\/cloud-dns\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">Cloud DNS for 
GKE<\/span><\/a><\/li>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/concepts\/gateway-api\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">GKE Gateway details<\/span><\/a><\/li>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/how-to\/configure-gateway-resources#configure_cloud_armor\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">GKE Gateway configuration for Cloud Armor security policies<\/span><\/a><\/li>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/how-to\/fqdn-network-policies\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">GKE FQDN Network Policies<\/span><\/a><\/li>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/kubernetes-engine\/docs\/concepts\/about-dpv2-observability\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">GKE Dataplane V2 observability<\/span><\/a><\/li>\n<li style=\"font-weight: 400; text-align: justify;\" aria-level=\"1\"><a href=\"https:\/\/cloud.google.com\/monitoring\/charts\/metrics-selector\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">Cloud Monitoring Metric Explorer<\/span><\/a><\/li>\n<\/ol>","protected":false},"excerpt":{"rendered":"<p>Is your business ready to get started with IPv6? Is your cloud provider ready to go with you? 
Google Kubernetes Engine (GKE) now supports dual-stack Kubernetes clusters to support the transition&hellip;<\/p>","protected":false},"author":2,"featured_media":15028,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1,135],"tags":[],"class_list":["post-15027","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kienthuc","category-google-cloud-platform","entry","has-media"],"_links":{"self":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/15027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/comments?post=15027"}],"version-history":[{"count":0,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/15027\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media\/15028"}],"wp:attachment":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media?parent=15027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/categories?post=15027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/tags?post=15027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}