How to setup a cluster by Kubespray which can preserve source ip from clients?

AslanLiu

1/31/24, 11:22 AM

I use Kubespray to setup my cluster and run my applications on it. However, my applications need getting client source ip. Therefore, I need set externalTrafficPolicy as Local in svc. But this is not a good solution, especially for building HA applications.

I tried Calico + ebpf, but it doesn't work. (see https://github.com/projectcalico/calico/issues/7252). I aslo tried Cilium and client source ip isn't preserved in this way.

If I want to preserve client source ip, how do I do if using Kubespray?

427

0 + 6

kubernetes

Nataraj Medayhal

1/31/24, 11:54 AM

To preserve you should implement ingress controllers which will come LB service which can be attached to Load balancer. Post that enabling proxy protocol, client ip can be preserved. Following link has different controllers https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/. depending on your requirement you can choose one.

pchaigno

1/31/24, 3:18 PM

What was the issue with Cilium and externalTrafficPolicy?

pchaigno

1/31/24, 3:18 PM

Note that, with Cilium, you can also use DSR to preserve the source IP address (and improve performance): https://cilium.io/blog/2020/02/18/cilium-17/#kubeproxy-removal.

AslanLiu

2/1/24, 2:29 AM

To Nataraj, Ingress controller also is exposed by MetalLB, and it also cannot get client source ip, right? Unless MetalLB SVC for Ingress controll is also added externalTrafficPolicy=Local. So the problem still exists.

AslanLiu

2/1/24, 4:01 AM

To Pchaigno, Yes, DSR. However, I don't know how to enable DSR in Kubespray. Cannont find any config for that.

AslanLiu

2/1/24, 4:09 AM

I tried add 'bpf-lb-mode: dsr' in cilium-config, but it doesn't work.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to setup a cluster by Kubespray which can preserve source ip from clients?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.