This repository has been archived by the owner on Feb 9, 2022. It is now read-only.

nginx-ingress service: externalTrafficPolicy: "Local" causes routing problems #1059

Open
floek opened this issue Jan 19, 2021 · 1 comment

floek commented Jan 19, 2021

Hi,

I'm on platform generic with MetalLB and tried to activate the OIDC authentication plugin with kube-prod's Keycloak. This didn't work because the kube-apiserver could not communicate with Keycloak's nginx-ingress. I analysed this further and found the following issue: metallb/metallb#153.

The issue comes up when services published with externalTrafficPolicy: "Local" should be accessed from within the cluster. This doesn't work with kube-proxy in ipvs mode.

After some debugging, I found that the nginx-ingress service is created by kube-prod with externalTrafficPolicy: "Local" enabled. As the kube-prod services published with the built-in nginx-ingress are used for management, maybe it's better to set externalTrafficPolicy to Cluster. In my case I'm using a second nginx-ingress controller with an ingress class for the external services where I may need the client IPs.

Please consider setting externalTrafficPolicy to Cluster.

Cheers,
floek
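
An added example, not part of the original issue or of kube-prod's code: a small audit over `kubectl get svc -A -o json` output that lists the LoadBalancer Services matching the condition described above (externalTrafficPolicy "Local" while kube-proxy runs in ipvs mode). The function name, the `proxy_mode` parameter, and the sample namespaces, names and IPs are assumptions constructed for illustration.

```python
import json

# Constructed sample, shaped like trimmed `kubectl get svc -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "mgmt", "name": "nginx-ingress"},
   "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Local"},
   "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.10"}]}}},
  {"metadata": {"namespace": "public", "name": "nginx-ingress-external"},
   "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"},
   "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.11"}]}}},
  {"metadata": {"namespace": "default", "name": "kubernetes"},
   "spec": {"type": "ClusterIP"}, "status": {"loadBalancer": {}}}
]}
""")


def at_risk_services(svc_list, proxy_mode):
    """Return [(namespace/name, [load-balancer addresses])] for Services that
    match the issue: type LoadBalancer, externalTrafficPolicy Local, and
    kube-proxy in ipvs mode (proxy_mode is supplied by the caller)."""
    if proxy_mode != "ipvs":
        return []  # the issue only reports the failure for ipvs mode
    hits = []
    for svc in svc_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        # An unset externalTrafficPolicy is treated as the default, Cluster.
        if spec.get("externalTrafficPolicy", "Cluster") != "Local":
            continue
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        addrs = [i.get("ip") or i.get("hostname") for i in ingress]
        meta = svc["metadata"]
        hits.append((f'{meta["namespace"]}/{meta["name"]}', addrs))
    return hits


if __name__ == "__main__":
    for name, addrs in at_risk_services(SAMPLE, "ipvs"):
        print(f"{name}: in-cluster clients may not reach {addrs}")
```
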

@javsalgar
Contributor

Hi,

Thank you so much for the input! I opened this PR #1060 for discussion and to see how it works in our tests.
