You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Over the past few years, we've seen a number of requests for ensuring that the client IP address is forwarded on to the backend pod. (Without implying PROXY protocol as well, preferably).
For Gateway API implementations that create a Loadbalancer Service, this is often done by setting ExternalTrafficPolicy to local - although this also has the side effect of changing how nodes will respond to traffic bound for the LB Service as well.
Having some method for the user to request that we end up with this behavior is necessary - although in discussions with the maintainers, we've been reluctant to just put something that allows you to set ExternalTrafficPolicy directly, since it's not available if the implementation isn't using an LB Service.
So, this discussion is to talk about ways to represent the request that "client IP address should be visible at the backend Pod" in Gateway API config.
I have some ideas, but would like to hear from everyone else first.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Over the past few years, we've seen a number of requests for ensuring that the client IP address is forwarded on to the backend pod. (Without implying PROXY protocol as well, preferably).
For Gateway API implementations that create a Loadbalancer Service, this is often done by setting
ExternalTrafficPolicytolocal- although this also has the side effect of changing how nodes will respond to traffic bound for the LB Service as well.Having some method for the user to request that we end up with this behavior is necessary - although in discussions with the maintainers, we've been reluctant to just put something that allows you to set
ExternalTrafficPolicydirectly, since it's not available if the implementation isn't using an LB Service.So, this discussion is to talk about ways to represent the request that "client IP address should be visible at the backend Pod" in Gateway API config.
I have some ideas, but would like to hear from everyone else first.
Beta Was this translation helpful? Give feedback.
All reactions