fix(manifest-server): bind to :: for dual-stack support

[Johannes Würbach (johanneswuerbach)]

What

Change manifest-server's Uvicorn bind from --host 0.0.0.0 to --host :: in airbyte_cdk/manifest_server/Dockerfile.

Why

The Dockerfile's CMD hardcoded --host 0.0.0.0, which only binds the IPv4 wildcard address. On dual-stack Kubernetes clusters that allocate IPv6 pod IPs (or pure-IPv6 clusters), the kubelet probes the pod's IPv6 IP for liveness/readiness — Uvicorn doesn't accept those connections, the pod fails health checks, and ends up in CrashLoopBackOff.

Switching to --host :: binds the IPv6 wildcard. On Linux, an IPv6 listener on :: accepts both IPv6 connections and IPv4-mapped connections by default (unless IPV6_V6ONLY=1), so this is a strict superset of the prior behavior — single-stack IPv4 clusters keep working and dual-stack / IPv6-preferred clusters start working.

Repro

EKS cluster with ipFamilies: [IPv6, IPv4] (IPv6 first):

1. Pod is allocated only an IPv6 IP (e.g. 2600:1f18:2090:c503:1190::15).
2. Pod logs show Uvicorn running on http://0.0.0.0:8080.
3. Kubelet liveness probe to http://[<pod-ipv6>]:8080/health returns connection refused.
4. After 30s initialDelaySeconds + 30s of failed probes, kubelet sends SIGTERM → graceful shutdown → restart loop.

After this change, the same cluster sees Uvicorn running on http://[::]:8080 and the liveness probe succeeds.

Notes

• Tested with airbyte/manifest-server:7.10.0 from the chart V2 / Airbyte v2.1.0 release.
• No env-var-driven fallback added — the bind address is invariant in the typical Kubernetes deployment, and the existing CLI-driven entry point in airbyte_cdk/manifest_server/cli/_start.py already supports --host overrides for the local-dev path.
• Other Airbyte components (Java/Micronaut) bind dual-stack by default, so this brings manifest-server in line with the rest of the platform.

Summary by CodeRabbit

• Bug Fixes
  • Improved Kubernetes compatibility by enabling IPv6 support in the manifest server, preventing connection refusals during health probe checks that caused pod restarts.

[coderabbitai]

Warning

Rate limit exceeded

@johanneswuerbach has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 59 minutes and 3 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 59 minutes and 3 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 78d5dcd9-c0dd-4e8f-97ae-1431f5ccf08c

📥 Commits

Reviewing files that changed from the base of the PR and between 10be46c and 1e7f971.

📒 Files selected for processing (1)

• airbyte_cdk/manifest_server/Dockerfile

📝 Walkthrough

Walkthrough

The uvicorn host binding in the manifest server Dockerfile is changed from IPv4-only (0.0.0.0) to IPv6 dual-stack (::) mode, with added inline documentation explaining the Kubernetes probe addressing behavior.

Changes

Cohort / File(s)	Summary
Manifest Server Configuration airbyte_cdk/manifest_server/Dockerfile	Updated uvicorn host binding from 0.0.0.0 to :: to support IPv6 dual-stack addressing. Added documentation explaining how IPv6 Kubernetes probes can cause connection refusals with IPv4-only listeners.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: updating the manifest-server Docker configuration to bind to the IPv6 wildcard address for dual-stack Kubernetes support.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates manifest-server’s container entrypoint to bind Uvicorn to the IPv6 wildcard address so it can accept kubelet probes on IPv6-only / IPv6-preferred Kubernetes clusters.

Changes:

• Switch Uvicorn bind host from 0.0.0.0 (IPv4-only) to :: (dual-stack on typical Linux defaults).
• Add inline Dockerfile rationale explaining the Kubernetes probe failure mode and why :: resolves it.

Comments suppressed due to low confidence (1)

airbyte_cdk/manifest_server/Dockerfile:48

• The note about "unless IPV6_V6ONLY is set" is a bit ambiguous: IPV6_V6ONLY is a socket option (and on Linux can also be influenced via net.ipv6.bindv6only), not something typically "set" as an env var. Consider rewording to explicitly reference the socket option / sysctl to avoid confusion for readers.

CMD ["uvicorn", "airbyte_cdk.manifest_server.app:app", "--host", "::", "--port", "8080"]

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.