Backport of Addition of missing IPv6 listeners and envoy dns ipv4 only resolution change into release/1.22.x (#22937)

hc-github-team-consul-core · pajay-rao · web-flow · commit 47210231005d · 2025-10-14T17:38:27.000+05:30
backport of commit e285476 Co-authored-by: P Ajay Rao <pajay.rao@hashicorp.com>
diff --git a/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go b/agent/envoyextensions/builtin/aws-lambda/aws_lambda.go
@@ -20,6 +20,7 @@ import (
 	"github.com/go-viper/mapstructure/v2"
 	pstruct "google.golang.org/protobuf/types/known/structpb"
 
+	"github.com/hashicorp/consul/agent/netutil"
 	"github.com/hashicorp/consul/api"
 	"github.com/hashicorp/consul/envoyextensions/extensioncommon"
 	"github.com/hashicorp/go-multierror"
@@ -125,12 +126,16 @@ func (a *awsLambda) PatchCluster(p extensioncommon.ClusterPayload) (*envoy_clust
 	if err != nil {
 		return c, false, err
 	}
-
+	dlf := envoy_cluster_v3.Cluster_V4_ONLY
+	ds, _ := netutil.IsDualStack(nil, true)
+	if ds {
+		dlf = envoy_cluster_v3.Cluster_ALL
+	}
 	cluster := &envoy_cluster_v3.Cluster{
 		Name:                 c.Name,
 		ConnectTimeout:       c.ConnectTimeout,
 		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS},
-		DnsLookupFamily:      envoy_cluster_v3.Cluster_V4_ONLY,
+		DnsLookupFamily:      dlf,
 		LbPolicy:             envoy_cluster_v3.Cluster_ROUND_ROBIN,
 		Metadata: &envoy_core_v3.Metadata{
 			FilterMetadata: map[string]*pstruct.Struct{
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
@@ -1842,6 +1842,10 @@ func configureClusterWithHostnames(
 	rate := 10 * time.Second
 	cluster.DnsRefreshRate = durationpb.New(rate)
 	cluster.DnsLookupFamily = envoy_cluster_v3.Cluster_V4_ONLY
+	ds, _ := netutil.IsDualStack(nil, true)
+	if ds {
+		cluster.DnsLookupFamily = envoy_cluster_v3.Cluster_ALL
+	}
 
 	envoyMaxEndpoints := 1
 	discoveryType := envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS}
@@ -1945,15 +1949,19 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot,
 func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts, discoveryType envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster {
 	cfg := snap.GetGatewayConfig(s.Logger)
 	opts.connectTimeout = time.Duration(cfg.ConnectTimeoutMs) * time.Millisecond
-
+	dlf := envoy_cluster_v3.Cluster_V4_ONLY
+	ds, _ := netutil.IsDualStack(nil, true)
+	if ds {
+		dlf = envoy_cluster_v3.Cluster_ALL
+	}
 	cluster := &envoy_cluster_v3.Cluster{
 		Name:           opts.name,
 		ConnectTimeout: durationpb.New(opts.connectTimeout),
 
 		// Having an empty config enables outlier detection with default config.
 		OutlierDetection:     &envoy_cluster_v3.OutlierDetection{},
 		ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: discoveryType},
-		DnsLookupFamily:      envoy_cluster_v3.Cluster_V4_ONLY,
+		DnsLookupFamily:      dlf,
 	}
 
 	rate := 10 * time.Second
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
@@ -949,6 +949,13 @@ func makeListener(opts makeListenerOpts) *envoy_listener_v3.Listener {
 func makeListenerWithDefault(opts makeListenerOpts) *envoy_listener_v3.Listener {
 	if opts.addr == "" {
 		opts.addr = "127.0.0.1"
+		ds, err := netutil.IsDualStack(nil, true)
+		if err != nil {
+			return nil
+		}
+		if ds {
+			opts.addr = "::1"
+		}
 	}
 	accessLog, err := accesslogs.MakeAccessLogs(&opts.accessLogs, true)
 	if err != nil && opts.logger != nil {
@@ -1342,6 +1349,13 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
 	addr := cfgSnap.Address
 	if addr == "" {
 		addr = "0.0.0.0"
+		ds, err := netutil.IsDualStack(nil, true)
+		if err != nil {
+			return nil, err
+		}
+		if ds {
+			addr = "::"
+		}
 	}
 	if cfg.BindAddress != "" {
 		addr = cfg.BindAddress
@@ -1565,6 +1579,13 @@ func (s *ResourceGenerator) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSna
 		addr = cfg.BindAddress
 	} else if addr == "" {
 		addr = "0.0.0.0"
+		ds, err := netutil.IsDualStack(nil, true)
+		if err != nil {
+			return nil, err
+		}
+		if ds {
+			addr = "::"
+		}
 	}
 
 	// Strip any special characters from path to make a valid and hopefully unique name
diff --git a/command/connect/envoy/envoy.go b/command/connect/envoy/envoy.go
@@ -528,6 +528,13 @@ func (c *cmd) proxyRegistration(svcForSidecar *api.AgentService) (*api.AgentServ
 		// fallback to localhost as the gateway has to reside in the same network namespace
 		// as the agent
 		tcpCheckAddr = "127.0.0.1"
+		ds, err := netutil.IsDualStack(nil, false)
+		if err == nil {
+			return nil, err
+		}
+		if ds {
+			tcpCheckAddr = "::1"
+		}
 	}
 
 	var proxyConf *api.AgentServiceConnectProxyConfig
