-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add option to prevent cluster-traffic from bypassing loadbalancers
This is accomplished with two new annotations: - `k8s.cloudscale.ch/loadbalancer-force-hostname` - `k8s.cloudscale.ch/loadbalancer-ip-mode` The former forces a hostname to be reported for loadbalancer ingress, the latter adds support for the new IPMode config available by default on Kubernetes 1.30, and feature-gated on 1.29. This is required for clusters that use the `proxy` or `proxyv2` protocol for any of their loadbalancers, and send traffic from inside the cluster to the loadbalancers. In such a constellation, traffic may not be sent through the loadbalancer, unless the hostname is set (for older clusters). For newer cluster, the default "IP Mode" used is "Proxy", as that is the least surprising setting. References: - https://kubernetes.io/blog/2023/12/18/kubernetes-1-29-feature-loadbalancer-ip-mode-alpha/ - #15
- Loading branch information
Showing
5 changed files
with
352 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.