Add the ability to append external IPs in node proxy mode #369

Open
wants to merge 3 commits into
base: master

stevefan1999-personal

Description

This is in regard to this comment in the original thread of #214:

Why not just set exposed Node ips on external-ip of LoadBalancer Service?

If you set the external-ip of the LoadBalancer Service, the Kube-Proxy will modify iptables or ipvs rules on all Nodes. This is very dangerous because it disturbs the cluster network environment.

After much deliberation, I had to settle for a painful compromise.

The external-ip of the LoadBalancer Service will always stay in this mode, and the information of exposure is displayed in annotation.

We can just make that an add-in feature for people to try; we just don't have to enable it by default. I am not sure why @KONY128 suggested not to do that. This is necessary for certain applications that listen to load balancer status changes and external IP addresses, such as external-dns, so I think this is more of a necessary evil.

What type of PR is this?:

Implementation

Related links:

#214 (comment)

@ks-ci-bot added the size/L label (Denotes a PR that changes 100-499 lines, ignoring generated files.) on Dec 9, 2023
@stevefan1999-personal
Author

/assign @FeynmanZhou

Signed-off-by: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com>
Signed-off-by: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com>
Signed-off-by: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com>
@ks-ci-bot
Collaborator

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: stevefan1999-personal
To complete the pull request process, please ask for approval from feynmanzhou after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@renyunkang
Member

If you set the external-ip of the LoadBalancer Service, the Kube-Proxy will modify iptables or ipvs rules on all Nodes. This is very dangerous because it disturbs the cluster network environment.

As mentioned by @KONY128, setting the node IP as the external-ip for the LoadBalancer service when using kube-proxy may disrupt the original network and even paralyze the cluster network. Therefore, we do not recommend this practice.
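
A check an operator could run for the situation discussed in this thread, as an added example that is not part of the PR or of the project's code: it flags Services whose `spec.externalIPs` or load-balancer ingress IPs equal a node address. The sample JSON is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample data shaped like `kubectl get nodes -o json` and
# `kubectl get svc -A -o json`; names and addresses are illustrative.
NODES_JSON = """{"items": [
  {"metadata": {"name": "node-a"},
   "status": {"addresses": [{"type": "InternalIP", "address": "192.0.2.11"},
                            {"type": "Hostname", "address": "node-a"}]}},
  {"metadata": {"name": "node-b"},
   "status": {"addresses": [{"type": "InternalIP", "address": "192.0.2.12"},
                            {"type": "ExternalIP", "address": "198.51.100.12"}]}}
]}"""
SERVICES_JSON = """{"items": [
  {"metadata": {"namespace": "web", "name": "safe"},
   "spec": {"type": "LoadBalancer"},
   "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.50"}]}}},
  {"metadata": {"namespace": "web", "name": "pending"},
   "spec": {"type": "LoadBalancer"}, "status": {"loadBalancer": {}}},
  {"metadata": {"namespace": "dns", "name": "risky"},
   "spec": {"type": "LoadBalancer", "externalIPs": ["198.51.100.12"]},
   "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.11"}]}}}
]}"""

def node_ips(nodes):
    """Map each node InternalIP/ExternalIP to the node that owns it."""
    owners = {}
    for node in nodes.get("items", []):
        for addr in node.get("status", {}).get("addresses", []):
            if addr.get("type") in ("InternalIP", "ExternalIP"):
                owners[addr["address"]] = node["metadata"]["name"]
    return owners

def find_collisions(nodes, services):
    """Return (namespace/name, field, ip, node) for each Service IP that is a node IP."""
    owners = node_ips(nodes)
    hits = []
    for svc in services.get("items", []):
        key = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        # A Service still waiting for an address has no ingress list at all.
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        candidates = [("status.loadBalancer.ingress", i.get("ip")) for i in ingress]
        candidates += [("spec.externalIPs", ip) for ip in svc.get("spec", {}).get("externalIPs") or []]
        for field, ip in candidates:
            if ip in owners:
                hits.append((key, field, ip, owners[ip]))
    return hits

if __name__ == "__main__":
    for hit in find_collisions(json.loads(NODES_JSON), json.loads(SERVICES_JSON)):
        print("%s: %s=%s is an address of node %s" % hit)
```

Addresses are compared as strings, so IPv6 addresses written in different forms would need normalizing first.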
