-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Runtime Daemon Doesn't Support IPv6 - CloudGuard #153
Comments
Hello @matthenry87, |
This is an AWS EKS cluster using IPv6. All of the pods and services are assigned IPv6 addresses within the cluster. Technically the cluster is not 100% IPv6 because EKS still requires the worker nodes to be assigned IPv4 addresses as well. The IP it seems to be breaking on looks like it is from the cluster's services CIDR. |
@matthenry87 Indeed Runtime Protection team confirmed IPv6 is not supported, so it's a limitation. |
@matthenry87 may I close this issue here? |
Is the image also open source? If so, may I contribute the fix? Imo it's not very acceptable to not support something that's been supported by k8s proper for a long time now. It shouldn't matter which CNI driver we're using, or how it's configured. Why wouldn't this be considered a bug rather than an enhancement? |
@matthenry87 I apologize for the delay. |
Hi @matthenry87, |
That is what I observe as well from a consumer perspective. The runtime protection containers are attempting to parse the port number from the IP but seems to be expecting a static format (IPv4). |
The agent never goes into a good state, because of the errors in the runtime daemon logs:
Seems it's relying on the expected structure of IPv4.
The text was updated successfully, but these errors were encountered: