Skip to content

nginx image doesn't work on IPv6 only kubernetes #394

@Frankkkkk

Description

@Frankkkkk

Hi,
nginx:latest doesn't seem to listen on IPv6 addresses. This is a problem on v6 only kubernetes/docker as they thus have no connectivity.

Steps to reproduce

Create a deployment with

$ kubectl create deployment d-nginx --image=nginx
deployment.apps/d-nginx created

Then, we can check that the container doesn't reply on IPv6:

$ kubectl get pod -o wide
NAME                       READY   STATUS    RESTARTS   AGE   IP                                   NODE             NOMINATED NODE   READINESS GATES
d-nginx-b94ddb98b-b9hgx    1/1     Running   0          16s   xxxx:xxxx:cafe:1002:27:ffff:0:bcee   pik-c1-33-vm-3   <none>           <none>

$ curl http://[xxxx:xxxx:cafe:1002:27:ffff:0:bcee]
curl: (7) Failed to connect to xxxx:xxxx:cafe:1002:27:ffff:0:bcee port 80: Connection refused

Logging in on the pod, I can indeed see that it listens on IPv4 only:

root@d-nginx-b94ddb98b-b9hgx:/# ss -lnt  
State                    Recv-Q                    Send-Q                                       Local Address:Port                                       Peer Address:Port                   
LISTEN                   0                         128                                                0.0.0.0:80                                              0.0.0.0:*                      

And its connectivity:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
174: eth0@if175: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP 
    inet6 xxxx:xxxx:cafe:1002:27:ffff:0:bcee/128 scope global nodad 
       valid_lft forever preferred_lft forever
    inet6 fe80::f048:dfff:fe05:1e74/64 scope link 
       valid_lft forever preferred_lft forever

Expected results

however, it works with httpd for example:

$ kubectl create deployment d-httpd --image=httpd
deployment.apps/d-httpd created

$ kubectl get pod -o wide
NAME                       READY   STATUS    RESTARTS   AGE   IP                                   NODE             NOMINATED NODE   READINESS GATES
d-httpd-549ff79598-5s2xd   1/1     Running   0          10s   xxxx:xxxx:cafe:1002:7:ffff:0:b3cd    pik-c1-13-vm-1   <none>           <none>

$ curl http://[xxxx:xxxx:cafe:1002:7:ffff:0:b3cd]
<html><body><h1>It works!</h1></body></html>

Should we listen by default on v6 addresses too ?

Cheers

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions