vexxhost · mpiscaer · Dec 10, 2025 · Dec 10, 2025 · Dec 10, 2025 · Dec 10, 2025
diff --git a/roles/cilium/files/chart/templates/cilium-configmap.yaml b/roles/cilium/files/chart/templates/cilium-configmap.yaml
@@ -469,6 +469,9 @@ data:
 {{- if .Values.tunnelPort }}
   tunnel-port: {{ .Values.tunnelPort | quote }}
 {{- end }}
+{{- if .Values.underlayProtocol }}
+  underlay-protocol: {{ .Values.underlayProtocol | quote }}
+{{- end }}
 
 {{- if .Values.MTU }}
   mtu: {{ .Values.MTU | quote }}

diff --git a/roles/cilium/files/chart/values.yaml b/roles/cilium/files/chart/values.yaml
@@ -2125,6 +2125,10 @@ tunnel: ""
 # @default -- `"vxlan"`
 tunnelProtocol: ""
 
+# -- IP family for the underlay.
+# @default -- `"ipv4"`
+underlayProtocol: ""
+
 # -- Enable native-routing mode or tunneling mode.
 # Possible values:
 #   - ""

diff --git a/roles/cilium/templates/values.yml.j2 b/roles/cilium/templates/values.yml.j2
@@ -4,6 +4,10 @@ image:
   useDigest: false
 hubble:
   enabled: false
+ipv4:
+  enabled: false
+ipv6:
+  enabled: true
 tunnel: geneve
 tunnelPort: 6082
 operator:
@@ -17,10 +21,13 @@ operator:
 {% else %}
     node-role.kubernetes.io/master: ""
 {% endif %}
+underlayProtocol: ipv6
 ipam:
   operator:
     clusterPoolIPv4PodCIDRList:
       - "{{ cilium_ipv4_cidr | default('10.0.0.0/8') }}"
+    clusterPoolIPv6PodCIDRList:
+      - "{{ cilium_ipv6_cidr | default('fdac:bb5e:e415::/112')}}"
 {% if cilium_replace_kube_proxy %}
 k8sServiceHost: "{{ kubernetes_hostname }}"
 k8sServicePort: 6443

diff --git a/roles/kube_vip/templates/kube-vip.yaml.j2 b/roles/kube_vip/templates/kube-vip.yaml.j2
@@ -14,7 +14,7 @@ spec:
     - name: vip_interface
       value: "{{ kube_vip_interface }}"
     - name: vip_cidr
-      value: "32"
+      value: "128"
     - name: cp_enable
       value: "true"
     - name: cp_namespace

diff --git a/roles/kubelet/defaults/main.yml b/roles/kubelet/defaults/main.yml
@@ -464,6 +464,8 @@ kubelet_allow_unsafe_swap: false
 kubelet_sysctls:
   - name: net.ipv4.ip_forward
     value: 1
+  - name: net.ipv6.conf.default.forwarding
+    value: 1
   - name: net.bridge.bridge-nf-call-iptables
     value: 1
   - name: net.bridge.bridge-nf-call-ip6tables

diff --git a/roles/kubernetes/templates/kubeadm.yaml.j2 b/roles/kubernetes/templates/kubeadm.yaml.j2
@@ -71,6 +71,9 @@ etcd:
 {% if kubernetes_version is ansible.builtin.version('1.28.0', '>=') %}
       tls-min-version: TLS1.3
 {% endif %}
+networking:
+  podSubnet: "fd40:10::/64"
+  serviceSubnet: "fd40:10:100::/112"
 apiServer:
   extraArgs:
 {% if kubernetes_version is ansible.builtin.version('1.28.0', '>=') %}