Skip to content

Set ipFamilyPolicy on RTC SFU NodePorts #660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Set ipFamilyPolicy on RTC SFU NodePorts #660

wants to merge 1 commit into from

Conversation

rarbab
Copy link

@rarbab rarbab commented Aug 8, 2025

If the cluster is IPv6 enabled, NodePorts created for RTC SFU will still default to SingleStack. Set ipFamilyPolicy on these ports to PreferDualStack instead so we can connect with both IPv4 and v6.

This should cause no change in behavior on an IPv4-only install.

@rarbab
Set ipFamilyPolicy on RTC SFU NodePorts
ab8a00c 
If the cluster is IPv6 enabled [1], NodePorts created for RTC SFU will
still default to SingleStack. Set ipFamilyPolicy on these ports to
PreferDualStack instead so we can connect with both IPv4 and v6.

This should cause no change in behavior on an IPv4-only install.

[1] https://docs.k3s.io/networking/basic-network-options#dual-stack-ipv4--ipv6-networking
@rarbab rarbab requested a review from a team as a code owner August 8, 2025 20:44
@CLAassistant
Copy link

CLAassistant commented Aug 8, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 11, 2025
edited
Loading

dyff of changes in rendered templates of CI manifests

Full contents of manifests and dyffs are available in https://github.com/element-hq/ess-helm/actions/runs/16876490201/artifacts/3733019933

matrix-rtc-checkov-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
matrix-rtc-exposed-services-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-udp-range-0 - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-udp-range-1 - spec @@
+   ipFamilyPolicy: PreferDualStack
matrix-rtc-minimal-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
matrix-rtc-secrets-externally-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
matrix-rtc-secrets-in-helm-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
pytest-matrix-rtc-standalone-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
pytest-matrix-rtc-synapse-wellknown-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-certificates-pg-external-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-certificates-pg-with-helm-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-external-cert-pg-external-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-external-cert-pg-with-helm-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-letsencrypt-pg-external-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-letsencrypt-pg-with-helm-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-wildcard-cert-pg-external-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack
quick-setup-wildcard-cert-pg-with-helm-values.yaml 
@@ Service/ess-ci/release-name-matrix-rtc-sfu-muxed-udp - spec @@
+   ipFamilyPolicy: PreferDualStack



@@ Service/ess-ci/release-name-matrix-rtc-sfu-tcp - spec @@
+   ipFamilyPolicy: PreferDualStack

@gaelgatelement gaelgatelement mentioned this pull request Aug 11, 2025
Merged
@benbz
Copy link
Member

benbz commented Aug 11, 2025

Thanks for this contribution. Some notes / thoughts

  • We're attempting to fix the integration test failures for you in fix external contributors ci #661
  • Should changes happen to other Services as well or is it only important for the Matrix RTC Services?
  • Is there value in this being configurable rather than hard-coded to PreferDualStack?

@gaelgatelement
Copy link
Member

Sorry for closing the PR, linking the PRs made github think it should close it.

@rarbab
Copy link
Author

rarbab commented Aug 11, 2025

  • Should changes happen to other Services as well or is it only important for the Matrix RTC Services?

I think it only matters for ports that get exposed outside the cluster. Other than the RTC ports I'm enabling in this PR, this chart only exposes http/https via traefik LoadBalancer ingress, and those seem to listen to IPv6 automatically when I enabled it.

  • Is there value in this being configurable rather than hard-coded to PreferDualStack?

I don't think so. There are only a few options for this resource:

  • SingleStack: "The Service uses either IPv4 or IPv6, but not both."
  • PreferDualStack: "The Service will attempt to use both IPv4 and IPv6, but will fall back to a single stack if dual-stack is not available."
  • RequireDualStack: "The Service requires both IPv4 and IPv6 addresses and will not be created if dual-stack is not available."

I don't see why someone would pick one of others.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rarbab @CLAassistant @benbz @gaelgatelement