Skip to content

Node labeling fails when processing services with ipv6 addresses

Describe the bug

With enable_node_labeling and a service with IPFamily IPv6, node labeling fails because : is not an acceptable label value, leading to errors like this in the log:

ERROR error adding label to node: node patching failed with patch [{"op":"add","path":"/metadata/labels/service-provided.kube-vip.io~1app1-svc.test-services","value":"fe00:100:e01:24:25:2:0:1"}]: Node "bgp01" is invalid: metadata.labels: Invalid value: "fe00:100:e01:24:25:2:0:1": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')

I'm not really sure what the best course of action here is. Probably uncompressed hex string e.g. fe0001000e0100240025000200000001 or space separating the hextets instead of using colons?

To Reproduce

  1. Use kube-vip with enable_node_labeling
  2. Create LoadBalancer service with IPv6 address
  3. Observe error in logs

Expected behavior

Node label sucessfully added

Environment:

  • OS/Distro: Debian 13
  • Kubernetes Version: v1.34.1
  • Kube-vip Version: 1.0.1

Kube-vip.yaml:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-vip-ds
  namespace: kube-system
spec:
  selector:
    matchLabels:
      name: kube-vip-ds
  template:
    metadata:
      labels:
        name: kube-vip-ds
    spec:
      containers:
      - args:
        - manager
        env:
        - name: enable_node_labeling
          value: "true"
        - name: egress_clean
          value: "true"
        - name: egress_podcidr
          value: {{ cluster_cidr | ansible.utils.ipaddr('net') | join(',') }}
        - name: egress_servicecidr
          value: {{ service_cidr | ansible.utils.ipaddr('net') | join(',') }}
        - name: egress_withnftables
          value: "true"
        - name: prometheus_server
          #value: "[::]:2113"
          value: $(bgp_routerid):2113
        - name: cp_enable
          value: "false"
        - name: svc_enable
          value: "true"
        - name: bgp_routerid
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        - name: bgp_enable
          value: "true"
        - name: bgp_as
          value: "{{bgp_my_asn}}"
        - name: bgp_peers
          valueFrom:
            secretKeyRef:
              name: kube-vip-sensitive
              key: kube-vip-bgp-peers
        image: plndr/kube-vip:v1.0.1
        imagePullPolicy: IfNotPresent
        name: kube-vip-servicelb
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_RAW
            - SYS_TIME
        volumeMounts:
        - mountPath: /etc/kubernetes/admin.conf
          name: kubeconfig
      hostNetwork: true
      serviceAccountName: kube-vip
      hostAliases:
      - hostnames:
        - kubernetes
        ip: 127.0.0.1
      volumes:
      - hostPath:
          path: /etc/rancher/k3s/k3s.yaml
        name: kubeconfig