[networking] Disabling IPv6 Inside a Pod via Unsafe Sysctls on ACP

[jing2uo]

新增一篇 ACP KB 文章。

[coderabbitai]

Walkthrough

A new documentation page added explaining how to disable IPv6 within Kubernetes pod network namespaces using unsafe sysctls, including kubelet configuration steps and diagnostic verification commands.

Changes

Cohort / File(s)	Summary
IPv6 Disablement Documentation docs/en/solutions/Disabling_IPv6_Inside_a_Pod_via_Unsafe_Sysctls.md	New guide explaining unsafe sysctl usage to disable IPv6 in pod namespaces, kubelet allowlist configuration via node labels, workload scheduling with nodeSelector, and diagnostic/rollback procedures.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A new guide hops into the documentation nest,
Teaching IPv6 how to rest,
With sysctls and labels so bright,
Kubernetes pods sleep soundly at night! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title describes a documentation addition about disabling IPv6 in pods using unsafe sysctls, which matches the primary change in the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch kb/2026-04/disabling-ipv6-inside-a-pod-via-unsafe-s

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

docs/en/solutions/Disabling_IPv6_Inside_a_Pod_via_Unsafe_Sysctls.md (1)

37-39: Clarify placeholder usage in the label command to avoid copy/paste failures.

Using angle-bracket placeholders in executable commands often gets copied literally. Consider adding a concrete example command right below this snippet to reduce operator error.

✍️ Suggested doc tweak

-   kubectl label node <worker-01> <worker-02> workload-class=ipv6-disable
+   kubectl label node <worker-01> <worker-02> workload-class=ipv6-disable
+   # Example:
+   # kubectl label node worker-a worker-b workload-class=ipv6-disable

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/en/solutions/Disabling_IPv6_Inside_a_Pod_via_Unsafe_Sysctls.md` around
lines 37 - 39, The label command snippet uses angle-bracket placeholders that
can be copied literally; update the snippet or immediately add a concrete
example to show real values (for example replacing <worker-01> and <worker-02>
with actual node names) and add a short note like “replace placeholders with
your node names” so operators won’t paste the angle-bracket text; specifically
update the line containing "kubectl label node <worker-01> <worker-02>
workload-class=ipv6-disable" and add a second concrete example such as using
real node names (e.g., worker-01 worker-02) and a one-line clarifying sentence.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/en/solutions/Disabling_IPv6_Inside_a_Pod_via_Unsafe_Sysctls.md`:
- Line 102: Replace the typo in the expected-output line that reads "# Expected:
only ::1 or no global IPv6 addresses; no route::" by changing the trailing "no
route::" to clearer wording such as "no IPv6 routes" so the line becomes "#
Expected: only ::1 or no global IPv6 addresses; no IPv6 routes"; update the
phrase in the document where that exact string appears to maintain consistency.

---

Nitpick comments:
In `@docs/en/solutions/Disabling_IPv6_Inside_a_Pod_via_Unsafe_Sysctls.md`:
- Around line 37-39: The label command snippet uses angle-bracket placeholders
that can be copied literally; update the snippet or immediately add a concrete
example to show real values (for example replacing <worker-01> and <worker-02>
with actual node names) and add a short note like “replace placeholders with
your node names” so operators won’t paste the angle-bracket text; specifically
update the line containing "kubectl label node <worker-01> <worker-02>
workload-class=ipv6-disable" and add a second concrete example such as using
real node names (e.g., worker-01 worker-02) and a one-line clarifying sentence.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a18c1384-bc88-45c8-862e-a1ab811dbc13

📥 Commits

Reviewing files that changed from the base of the PR and between c8b7b50 and 0687eb4.

📒 Files selected for processing (1)

• docs/en/solutions/Disabling_IPv6_Inside_a_Pod_via_Unsafe_Sysctls.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix expected-output typo for route check.

no route:: reads like a typo and may confuse readers; use clearer wording such as no IPv6 routes.

✍️ Suggested wording fix

-# Expected: only ::1 or no global IPv6 addresses; no route::
+# Expected: only ::1 or no global IPv6 addresses; no IPv6 routes

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Expected: only ::1 or no global IPv6 addresses; no route::
	# Expected: only ::1 or no global IPv6 addresses; no IPv6 routes

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/en/solutions/Disabling_IPv6_Inside_a_Pod_via_Unsafe_Sysctls.md` at line
102, Replace the typo in the expected-output line that reads "# Expected: only
::1 or no global IPv6 addresses; no route::" by changing the trailing "no
route::" to clearer wording such as "no IPv6 routes" so the line becomes "#
Expected: only ::1 or no global IPv6 addresses; no IPv6 routes"; update the
phrase in the document where that exact string appears to maintain consistency.