What's necessary for a bare metal dual stack kubernetes setup?

Solution 1:

I used Kubernetes 1.21 with Calico for networking behind my BGP router/firewall (Juniper SRX) for external connectivity. Calico can be combined with metallb where metallb does the orchestration and Calico does the BGP routing. See https://docs.projectcalico.org/networking/advertise-service-ips#advertise-service-load-balancer-ip-addresses for more details on that.

Add nginx for ingress and cert-manager for certificates, and you should have everything you need.

I did notice that the load balancer doesn't handle dual stack, but you can easily work around that by creating two separate ones: one single stack IPv6 and one single stack IPv4.

Solution 2:

I'm using Kubernetes 1.21 with Calico and BGP without metalb.

Using traefik for ingress and cert-manager for certificates.

The Traefik load balancer does support dual stack, at least without metalb, but requires you to set ipFamilyPolicy on the service to PreferDualStack, and have services cidr configured with IPv6 cidr (which should be done by default on kubeadm v1.21+). I had to use RequireDualStack with k3s for it to accept IPv6 connections.

https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services https://kubernetes.io/docs/tasks/network/validate-dual-stack/