K8s Dualstack Nginx incorrectly interpret IPv6

[qdrddr]

Describe the bug
In the k8s environment with DualStack IP (IPv6 & IPv4) when the nginx container starts it automatically gets IPv4 & IPv6 addresses bound to the pod. When it initializes its config, it incorrectly interprets the IPv6 address that has column symbols in it as the port number (See the logs). Note that in the DualStack k8s environment, Pod will have two IPs simultaneously: IPv4 & IPv6.

To Reproduce
Install k8s with DualStack CNI.
Deploy label-studio via helm.

Expected behavior
Nginx init script should be able to generate config for the nginx server using IPv6 address that contains the column symbols :. IPv6 addresses typically must be encapsulated with square brackets like this: http://[2001:cafe:42:1::a]:8080 to be correctly processed.

Screenshots
logs attached

Environment (please complete the following information):
k8s 1.27
label-studio helm chart v1.9.4
nginx container image:docker.io/heartexlabs/label-studio:1.16.0

The issue seems to be with 10-configure-nginx.sh or docker-entrypoint.sh.

Additional context

Log from the nginx container in the label studio-ls-app Pod (see invalid port in resolver "2001:cafe:42:1::a"):

./deploy/docker-entrypoint.sh: Looking for init scripts in /label-studio/deploy/docker-entrypoint.d/nginx/
./deploy/docker-entrypoint.sh: Launching /label-studio/deploy/docker-entrypoint.d/nginx/10-configure-nginx.sh
=> Copy nginx config file...
=> Configure system resolver...
=> Skipping replace nginx certs.
=> Replacing app endpoint...
=> Successfully replaced app endpoint.
=> Skipping adding subpath to nginx config.
./deploy/docker-entrypoint.sh: Configuration complete; ready for start up
2025/02/14 01:29:32 [emerg] 1#1: invalid port in resolver "2001:cafe:42:1::a" in /opt/heartex/instance-data/etc/nginx/resolv.conf:1
nginx: [emerg] invalid port in resolver "2001:cafe:42:1::a" in /opt/heartex/instance-data/etc/nginx/resolv.conf:1

cilium/cilium#37627

[qdrddr]

I suspect the issue is with 10-configure-nginx.sh lines 10-11

And might need to be fixed like this. Here is how the /etc/resolv.conf looks like when you have both IPv4 & IPv6 nameservers in the DualStack k8s environment:

cat /etc/resolv.conf
search ai-system.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.43.0.10
nameserver 2001:cafe:42:1::a
options ndots:5

After I process this file with this new code:

nameservers=$(awk '$1=="nameserver" {
    ns = $2;
    if (ns ~ /:/) {
        printf "[%s] ", ns;
    } else {
        printf "%s ", ns;
    }
}' /etc/resolv.conf)
echo "resolver $nameservers;" > $OPT_DIR/nginx/resolv.conf

Here is how the resulting $OPT_DIR/nginx/resolv.conf file would look like

resolver 10.43.0.10 [2001:cafe:42:1::a] ;

Now it looks correct to me.

[heidi-humansignal]

Hello,

Thank you so much for reaching out!

We are currently implementing a fix and will be introduced in the upcoming release!

Thank you again and have a lovely day!

Comment by Oussama Assili
Workflow Run

[qdrddr]

Which version of the packaged docker container is this fix expected to be implemented?