Add IPv6 support for Kourier

[linkvt]

Kourier failed on IPv6-only clusters: the EndpointSlice watcher filtered out IPv6 addresses so the controller couldn't discover gateway pods, the bootstrap stats listener bound to IPv4 only, and the extauthz URI construction didn't bracket IPv6 addresses.

Using an IPv6 address with ipv4_compat works in IPv4 only environments as I tested locally, CI should confirm that.

Related to knative/serving#16591

Changes

• Accept IPv6 EndpointSlices in ReadyAddressesFromSlice
• Bind bootstrap stats listener to :: with ipv4_compat for dual-stack
• Use net.JoinHostPort in extauthz URI for correct IPv6 bracketing

/kind enhancement

Release Note

Add IPv6-only cluster support for Kourier. EndpointSlice discovery now includes IPv6 addresses, the stats listener binds dual-stack, and extauthz URIs correctly bracket IPv6 hosts. Configure with listen-ip-addresses: "::" in config-kourier.

[Copilot]

Pull request overview

This PR adds IPv6-only (and improved dual-stack) support to Kourier by ensuring gateway discovery and connectivity logic correctly handles IPv6 EndpointSlices, IPv6 listener binding, and IPv6 host formatting in ext_authz URIs.

Changes:

• Expand ReadyAddressesFromSlice to accept IPv6 EndpointSlices (in addition to IPv4) and update downstream aggregations/tests accordingly.
• Construct ext_authz ServerUri.Uri using net.JoinHostPort to correctly bracket IPv6 hosts.
• Update Envoy bootstrap stats listener to bind to :: with ipv4_compat: true for dual-stack compatibility.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pkg/reconciler/ingress/lister.go	Aggregates ready addresses from EndpointSlices (now including IPv6 via shared helper).
pkg/reconciler/ingress/config/ext_authz.go	Uses net.JoinHostPort to format host:port correctly for IPv6 in ext_authz URIs.
pkg/reconciler/ingress/config/ext_authz_test.go	Adds coverage for IPv6 host URI bracketing in ext_authz filter config.
pkg/generator/endpointslice.go	Updates documentation/comments to reflect IP (v4/v6) support.
pkg/generator/endpointslice_test.go	Updates expectations to include both IPv4 and IPv6 addresses.
pkg/endpointslice/endpointslice.go	Accepts both IPv4 and IPv6 EndpointSlice.AddressType when extracting ready addresses.
pkg/endpointslice/endpointslice_test.go	Updates tests to verify IPv6 ready endpoints are returned.
config/200-bootstrap.yaml	Binds the stats listener to :: and enables ipv4_compat for dual-stack binding behavior.

Comments suppressed due to low confidence (1)

pkg/reconciler/ingress/lister.go:65

• ListProbeTargets now aggregates ready addresses from EndpointSlices, which includes IPv6 slices via ReadyAddressesFromSlice, but lister_test.go only covers IPv4 slices. Please add a test case with an IPv6 EndpointSlice (and optionally mixed IPv4+IPv6) to prevent regressions in IPv6-only and dual-stack clusters.

	// Aggregate ready addresses from all slices
	allAddresses := sets.New[string]()
	for _, slice := range slices {
		addresses := endpointslice.ReadyAddressesFromSlice(slice)
		if addresses != nil {
			allAddresses = allAddresses.Union(addresses)
		}
	}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.52%. Comparing base (f3e4e0c) to head (db20e61).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1455   +/-   ##
=======================================
  Coverage   77.52%   77.52%           
=======================================
  Files          28       28           
  Lines        1882     1882           
=======================================
  Hits         1459     1459           
  Misses        334      334           
  Partials       89       89           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dprotaso]

/lgtm
/approve

[dprotaso]

Curious - how are you testing this in kind etc?

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso, linkvt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [dprotaso,linkvt]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[linkvt]

Curious - how are you testing this in kind etc?

I created a kind cluster with the following config:

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  ipFamily: ipv6
nodes:
  - role: control-plane

Create the cluster and that's it:

❯ kind create cluster --name ipv6test --config tmp/kind-ipv6-config.yaml
enabling experimental podman provider
Creating cluster "ipv6test" ...
 ✓ Ensuring node image (kindest/node:v1.35.0) 🖼
 ✓ Preparing nodes 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing CNI 🔌
 ✓ Installing StorageClass 💾
Set kubectl context to "kind-ipv6test"
You can now use your cluster with:

kubectl cluster-info --context kind-ipv6test

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
…/repos/knative/serving on  main [$?] via 🐹 v1.26.3
❯ k get po -A -o wide
NAMESPACE            NAME                                             READY   STATUS    RESTARTS   AGE   IP                      NODE                     NOMINATED NODE   READINESS GATES
kube-system          coredns-7d764666f9-tn2gz                         1/1     Running   0          20s   fd00:10:244::2          ipv6test-control-plane   <none>           <none>
kube-system          coredns-7d764666f9-zr44q                         1/1     Running   0          20s   fd00:10:244::3          ipv6test-control-plane   <none>           <none>
kube-system          etcd-ipv6test-control-plane                      1/1     Running   0          27s   fc00:f853:ccd:e793::d   ipv6test-control-plane   <none>           <none>
kube-system          kindnet-rpjlf                                    1/1     Running   0          20s   fc00:f853:ccd:e793::d   ipv6test-control-plane   <none>           <none>
...