"dial tcp [::1]:6443: connect: network is unreachable" errors in kubernetes controlplane components when IPv6 is disabled on the loopback interface

This document (000021366) is provided subject to the disclaimer at the end of this document.

Environment

• Rancher v2.6+
• A Rancher RKE2 cluster
• IPv6 networking disabled on the loopback interface

Situation

Provisioning of a downstream RKE2 cluster with IPv6 networking enabled fails. In the kube-controller-manager container, messages about the lack of connectivity to the API can be seen:

dial tcp [::1]:6443: connect: network is unreachable

Resolution

With IPv6 networking enabled on the host, the OS will default to the resolution of localhost to ::1 over 127.0.0.1 (/etc/hosts has localhost resolving to both 127.0.0.1 and ::1).

If the host node is started with IPv6 networking enabled, but this is then disabled on the loopback interface, localhost resolution will default to ::1 (which remains in the /etc/hosts file), but the address will not be available on the loopback interface.

To resolve this enable IPv6 on the loopback interface:

sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0

This change will not persist node reboots, and you should also update any custom configuration you have defined in /etc/sysctl.conf or /etc/sysctl.d/*.conf files to ensure IPv6 networking is enabled on the loopback interface.

Additional Information

Additional discussion can be found in:

• kubernetes/kubernetes#99268 (comment)
• kubernetes/kubernetes#95706 (comment)

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.