Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k3s + tailscale + dual-stack ipv6 doesn't start with tailscale advertise-routes error #11572

Open
m00nwtchr opened this issue Jan 12, 2025 · 4 comments
Open

k3s + tailscale + dual-stack ipv6 doesn't start with tailscale advertise-routes error #11572

m00nwtchr opened this issue Jan 12, 2025 · 4 comments

Comments

@m00nwtchr
Copy link

m00nwtchr commented Jan 12, 2025
edited
Loading

Environmental Info:
K3s Version: v1.31.4+k3s1 (a562d09)

Node(s) CPU architecture, OS, and Version: Linux m-server 6.6.69-hardened1 NixOS SMP PREEMPT_DYNAMIC Thu Jan 2 09:32:11 UTC 2025 x86_64 GNU/Linux

Cluster Configuration:
1 server 1 agent

Describe the bug:
After enabling IPv6 dual stack and re-creating the cluster the following error message appears:
flannel exited: failed to register flannel network: failed to run command: tailscale set --accept-routes --advertise-routes=$SUBNET,$IPV6SUBNET Err: exit status 1 Output: ::/0 advertised without its IPv4 counterpart, please also advertise 0.0.0.0/0

Steps To Reproduce:
NixOS k3s module:

{ config, lib, pkgs, ... }:

{
  networking.firewall.allowedTCPPorts = [
    6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
    2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
    2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
  ];
  networking.firewall.allowedUDPPorts = [
    8472 # k3s, flannel: required if using multi-node for inter-node networking
  ];

  services.tailscale.enable = true;
  systemd.services.k3s.path = [ pkgs.tailscale pkgs.nftables ];

  services.k3s = {
    enable = true;
    token = "<token>";
    extraFlags = lib.strings.concatStringsSep " " ([
      "--vpn-auth=name=tailscale,joinKey=<tailscale key>"
    ] ++ (if config.services.k3s.role == "server" then [
      "--cluster-cidr=10.42.0.0/16,2001:cafe:42::/56"
      "--service-cidr=10.43.0.0/16,2001:cafe:43::/112"
    ] else []));
  };
}
@m00nwtchr m00nwtchr changed the title k3s + tailscale + dual-stack ipv6 doesn't start k3s + tailscale + dual-stack ipv6 doesn't start with tailscale advertise-routes error Jan 12, 2025
@brandond
Copy link
Member

@manuelbuil any ideas?

@m00nwtchr
Copy link
Author

m00nwtchr commented Jan 14, 2025
edited
Loading

Also, seems like if trying to run in IPv6 only mode, k3s always picks up only the IPv4 address to use to advertise, which creates a apiserver exited: service IP family "2001:cafe:43::/112" must match public address family "100.64.190.109" error, and in an IPv6 only tailnet I just get: "tailscale does not provide an ipv4 address"

@brandond
Copy link
Member

What happens if you provide ipv4,ipv6 --node-ip addresses?

@caroline-suse-rancher caroline-suse-rancher moved this from New to In Triage in K3s Development Jan 16, 2025
@m00nwtchr
Copy link
Author

Update for the original issue: Looks like it just randomly went away without changing anything.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
K3s Development
Status: In Triage
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brandond @m00nwtchr