Über Open CoDE Software Wiki Diskussionen GitLab

Skip to content

Use OVN provider LB when available in front of ingress

Created by: garloff

As an ingress user, I want to see real client IPs in the ingress. To make this work without proxy-protocol workarounds, we must ensure

  • that we use externalTrafficPolicy: local (otherwise we see the kube-proxy forwarded source IPs)
  • have a health-monitor enabled (otherwise the nodes without the nginx will receive and drop traffic)
  • have a loadbalancer that does preserve the client IPs (by working on layer 3 or similar ways to steer the flows)

The octavia load balancer implemented by the OVN provider does preserve the client IPs nicely.

To use it, we can set lb-provider=ovn in [loadbalancer] sertion of cloud.conf, of course only after testing that it is supported by the underlying infra.

See also issues/#268 (closed) for figuring out how to make health monitors work.