You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Several users have expressed the need to have an internal pod reach reach out a service by running through an external load-balancer. Reasons for the extra routing step are to have the proxy handle TLS and/or Proxy Protocol in a consistent manner.
The reason for the described behavior is that kube-proxy explicitly implements a bypassing logic. There is already an upstream issue describing this as a problem for users.
A workaround is outlined in the originating CCM issue. The only other alternative is to have pods speak to the service natively, which often isn't desired.
We should look into ways to support external routing one way or another in DOKS.
The text was updated successfully, but these errors were encountered:
The issue has been brought forward in the SIG Networking meeting from 4. April 2019 (recording). It wasn't completely clear why the requested routing pattern isn't supported by default.
There was agreement in submitting a PR that changes the behavior and continue discussions based on that.
AWS manages to support this case by means of using ingress hostnames, which is something that we currently cannot do at DigitalOcean. (See also this comment.)
Several users have expressed the need to have an internal pod reach reach out a service by running through an external load-balancer. Reasons for the extra routing step are to have the proxy handle TLS and/or Proxy Protocol in a consistent manner.
The reason for the described behavior is that kube-proxy explicitly implements a bypassing logic. There is already an upstream issue describing this as a problem for users.
A workaround is outlined in the originating CCM issue. The only other alternative is to have pods speak to the service natively, which often isn't desired.
We should look into ways to support external routing one way or another in DOKS.
The text was updated successfully, but these errors were encountered: