k8s loadbalancer service with externalTrafficPolicy=local passes through client ip on IPv4, hides it on IPv6

networking ipv6 kubernetes calico ipvs

Solution 1:

It turns out that I had an old installation of ip-masq-agent running, which was configured to erroneously do natting of IPv6 traffic both in and out of the cluster. I figured this out by looking at the ip6tables rules and seeing a bunch of MASQUERADE rules that had been populated by ip-masq-agent.

Removing this deployment from the cluster and rebooting the nodes to remove the ip6tables rules solved the problem.

Related

GCP: Can I list permissions assigned to custom role using gcloud?
How to build a driver disk for an anaconda install (CentOS 6)
Can't PING domains with ipv6 address
Getting SENDMAIL (as a client) to use AUTH LOGIN
Getting "Must enable billing on Google Cloud Project"
Royally messed up my Windows Server 2008 R2
dell poweredge pcie training error, what to do?
Unsupported parameters for (expect) module error Ansible?
nginx hidden file deny configuration?
Make `systemd-run` fail gracefully if the unit name already exists?
How can I make my custom "[email protected]" e-mail address if I'm the owner of "example.com"
Best way to archive journald logs in a space-efficient way?