-
Notifications
You must be signed in to change notification settings - Fork 463
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ingress: Add proxy-protocol enhancement #664
ingress: Add proxy-protocol enhancement #664
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you update the description field of this PR? I believe the new "This Week in Enhancements" tool parses an enhancement summary from there.
When OpenShift is configured with an external load-balancer in front of an | ||
IngressController, the connections that the IngressController receives have the | ||
load balancer's address (instead of the original client addresses) as the source | ||
address. PROXY protocol enables the external load-balancer to preserve the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be worth mentioning that PROXY protocol is already enabled for Ingress Controller's with an endpoint publishing strategy of LoadBalancerService
on AWS by default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've rewritten this section to describe service load-balancers versus external load-balancers and the various endpoint publishing strategies.
|
||
### Non-Goal | ||
|
||
1. Enabling PROXY protocol to be configured on individual Routes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would a non-goal be allowing PROXY protocol to be configured when using the LoadBalancerService
endpoint publishing strategy? (I guess mentioning this here would be slightly redundant but can't hurt to be explicit, considering our current usage of PROXY protocol on default ingress controllers on AWS)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would. I added a non-goal as you suggested. Thanks!
|
||
### User Stories | ||
|
||
#### As a cluster administrator, I need my IngressController to use PROXY protocol to communicate with my external load-balancer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you may need to drop the period at the end of this line to satisfy the new lint rules.
aabd06b
to
328c3b9
Compare
I copied and pasted the summary from the enhancement. I hope that is sufficient. |
### Non-Goals | ||
|
||
1. Enabling PROXY protocol to be configured on individual Routes. | ||
1. Enable cluster administrators to enable PROXY protocol on IngressControllers that use the "LoadBalancerService" or "Private" endpoint publishing strategies. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: The non-goals list has 2 items with numbering 1 (yet it renders with the correct numbering 🤔 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a markdown thing. If each item is numbered with 1, the generator converts it into a properly numbered list. That's especially nice when dealing with diffs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
huh TIL
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: knobunc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
328c3b9
to
fdd0d19
Compare
Latest push updates the API definitions with the revised ones from openshift/api#871. |
/lgtm |
/hold cancel |
This enhancement enables cluster administrators to enable PROXY protocol on IngressControllers.