diff --git a/cmd/containerboot/settings.go b/cmd/containerboot/settings.go
index c35fc1407..181a94dd7 100644
--- a/cmd/containerboot/settings.go
+++ b/cmd/containerboot/settings.go
@@ -126,6 +126,7 @@ func configFromEnv() (*settings, error) {
 		IngressProxiesCfgPath:                 defaultEnv("TS_INGRESS_PROXIES_CONFIG_PATH", ""),
 		PodUID:                                defaultEnv("POD_UID", ""),
 	}
+
 	podIPs, ok := os.LookupEnv("POD_IPS")
 	if ok {
 		ips := strings.Split(podIPs, ",")
@@ -144,6 +145,7 @@ func configFromEnv() (*settings, error) {
 			cfg.PodIPv6 = parsed.String()
 		}
 	}
+
 	// If cert share is enabled, set the replica as read or write. Only 0th
 	// replica should be able to write.
 	isInCertShareMode := defaultBool("TS_EXPERIMENTAL_CERT_SHARE", false)
@@ -165,9 +167,19 @@ func configFromEnv() (*settings, error) {
 		cfg.AcceptDNS = &acceptDNSNew
 	}
 
+	// In Kubernetes clusters, people like to use the "$(POD_IP):PORT" combination to configure the TS_LOCAL_ADDR_PORT
+	// environment variable (we even do this by default in the operator when enabling metrics), leading to a v6 address
+	// and port combo we cannot parse, as netip.ParseAddrPort expects the host segment to be enclosed in square brackets.
+	// We perform a check here to see if TS_LOCAL_ADDR_PORT is using the pod's IPv6 address and is not using brackets,
+	// adding the brackets in if need be.
+	if cfg.PodIPv6 != "" && strings.Contains(cfg.LocalAddrPort, cfg.PodIPv6) && !strings.ContainsAny(cfg.LocalAddrPort, "[]") {
+		cfg.LocalAddrPort = strings.Replace(cfg.LocalAddrPort, cfg.PodIPv6, "["+cfg.PodIPv6+"]", 1)
+	}
+
 	if err := cfg.validate(); err != nil {
 		return nil, fmt.Errorf("invalid configuration: %v", err)
 	}
+
 	return cfg, nil
 }
 
diff --git a/cmd/containerboot/settings_test.go b/cmd/containerboot/settings_test.go
index 5fa0c7dd1..eca50101b 100644
--- a/cmd/containerboot/settings_test.go
+++ b/cmd/containerboot/settings_test.go
@@ -6,6 +6,7 @@
 package main
 
 import (
+	"net/netip"
 	"strings"
 	"testing"
 )
@@ -226,3 +227,30 @@ func TestValidateAuthMethods(t *testing.T) {
 		})
 	}
 }
+
+func TestHandlesKubeIPV6(t *testing.T) {
+	t.Setenv("TS_LOCAL_ADDR_PORT", "fd7a:115c:a1e0::6c34:352:9002")
+	t.Setenv("POD_IPS", "fd7a:115c:a1e0::6c34:352")
+
+	cfg, err := configFromEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if cfg.LocalAddrPort != "[fd7a:115c:a1e0::6c34:352]:9002" {
+		t.Errorf("LocalAddrPort is not set correctly")
+	}
+
+	parsed, err := netip.ParseAddrPort(cfg.LocalAddrPort)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !parsed.Addr().Is6() {
+		t.Errorf("expected v6 address but got %s", parsed)
+	}
+
+	if parsed.Port() != 9002 {
+		t.Errorf("expected port 9002 but got %d", parsed.Port())
+	}
+}