In the dynamic world of cloud computing and Kubernetes, Azure Kubernetes Service (AKS) has introduced an exciting public preview feature: Dual-Stack Networking in Azure CNI Overlay. This feature allows both IPv4 and IPv6 addresses to coexist in the same cluster, enhancing connectivity and preparing your infrastructure for the future. Let’s walk through the process of enabling this feature and deploying a dual-stack AKS cluster.
What is Dual-Stack Networking in Azure CNI Overlay for AKS?
Dual-stack networking allows both IPv4 and IPv6 addresses to coexist and function within the same AKS cluster. This new feature is a game-changer for organizations looking to modernize their applications and infrastructure. By supporting both IP address families, Azure CNI Overlay for AKS offers unparalleled flexibility and connectivity options, ensuring seamless communication with external systems that operate on either IPv4 or IPv6.
The Advantages of Dual-Stack Networking
- Enhanced Flexibility: Dual-stack networking enables applications to be accessible over both IPv4 and IPv6, catering to a broader range of network environments.
- Future-Proofing: With the gradual shift towards IPv6, this feature prepares your AKS deployments for future network standards.
- Seamless Communication: Ensures uninterrupted communication with systems and services that are already operating on IPv6.
Prerequisites and Limitations
Before diving into this new feature, it’s important to understand the prerequisites and limitations:
- Azure CLI 2.48.0 or later is required.
- The feature is accessible after registering the Microsoft.ContainerService AzureOverlayDualStackPreview feature flag.
- Your Kubernetes version must be 1.26.3 or greater.
However, note that there are certain limitations. As of now, dual-stack networking does not support:
- Windows Node pools
- Azure and Calico network policies
- NAT Gateway
- Virtual nodes add-on.
Enabling Dual-Stack Networking in AKS
To begin, you need to register the AzureOverlayDualStackPreview feature flag. This can be done using the Azure CLI as follows:
- You can access Azure Cloud Shell by navigating to https://shell.azure.com or via the Azure portal.
- Execute the following command:
|
1 |
az feature register --namespace "Microsoft.ContainerService" --name "AzureOverlayDualStackPreview" |
This command registers the feature flag with your Azure subscription. It can take a short while to finish.
- Confirm that the registration is complete by running:
|
1 |
az feature show --namespace "Microsoft.ContainerService" --name "AzureOverlayDualStackPreview" |
Wait until the status shows ‘Registered‘.
- After registration, refresh the Microsoft.ContainerService resource provider using:
|
1 |
az provider register --namespace Microsoft.ContainerService |
Deploying a Dual-Stack AKS Cluster
Step 1: Create a Resource Group
First, create a resource group for your cluster in your preferred region:
|
1 |
az group create -l <region> -n <resourceGroupName> |
Replace <region> and <resourceGroupName> with your desired Azure region and a name for the resource group.
Step 2: Create the Cluster
Now, create a dual-stack AKS cluster using the Azure CLI:
|
1 |
az aks create -l <region> -g <resourceGroupName> -n <clusterName> --network-plugin azure --network-plugin-mode overlay --ip-families ipv4,ipv6 |
Replace <region>, <resourceGroupName>, and <clusterName> with your chosen values.
Deploying and Exposing a Workload
Let’s deploy an NGINX Web Server to test. but first we need to connect to the cluster.
- Use az aks get-credentials to connect to the cluster:
|
1 |
az aks get-credentials -g <resourceGroupName> -n <clusterName> |
- Now we can use kubectl to create an NGINX deployment:
|
1 |
kubectl create deployment nginx --image=nginx:latest --replicas=3 |
- Check the pod resources using:
|
1 |
kubectl get pods -o custom-columns="NAME:.metadata.name,IPs:.status.podIPs[*].ip,NODE:.spec.nodeName,READY:.status.condition[?(@.type=='Ready')].status" |
The output will show pods with both IPv4 and IPv6 addresses.
Expose the Workload via LoadBalancer Services
- Expose the NGINX Deployment for IPv4 and IPv6:
|
1 2 |
kubectl expose deployment nginx --name=nginx-ipv4 --port=80 --type=LoadBalancer kubectl expose deployment nginx --name=nginx-ipv6 --port=80 --type=LoadBalancer --overrides='{"spec":{"ipFamilies": ["IPv6"]}}' |
- Once the services are provisioned, get their IP addresses:
|
1 |
kubectl get services |
This will display the external IP addresses for both IPv4 and IPv6 services.
Testing the Deployment
To confirm that everything is working as expected you can use a web browser or a tool like curl from an IPv6 capable host to access the NGINX server using the IPv6 service IP address. Unfortunately, Azure Cloud Shell doesn’t support IPv6, so this step needs to be performed from a capable environment.
By following these steps, you can successfully deploy a dual-stack AKS cluster and test its functionality with an example workload. Remember, this feature is in public preview and not recommended for production environments yet. Stay tuned for more updates and enhancements as Azure continues to evolve its Kubernetes service offerings.
Conclusion
The introduction of dual-stack support in Azure CNI Overlay for AKS is a significant step towards more versatile and future-proof networking in Kubernetes environments. While it’s important to be aware of its current limitations and prerequisites, the benefits it brings in terms of connectivity and flexibility are undeniable. As with any preview feature, remember that it’s not recommended for production use yet, but it’s certainly worth exploring for development and testing environments.
1 Comment
Amelia · January 21, 2025 at 7:40 pm
Thank you for this excellent article It was very helpful and informative.