Skip to content

OCPBUGS-63219: Add clientIPPreservationMode to AWS NLB parameters #2661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gcs278 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

OCPBUGS-63219: Add clientIPPreservationMode to AWS NLB parameters #2661

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions openapi/generated_openapi/zz_generated.openapi.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

39 changes: 39 additions & 0 deletions operator/v1/types_ingress.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -898,8 +898,47 @@ type AWSNetworkLoadBalancerParameters struct {
// +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="eipAllocations cannot contain duplicates"
// +kubebuilder:validation:MaxItems=10
EIPAllocations []EIPAllocation `json:"eipAllocations"`

// clientIPPreservationMode specifies how client IP addresses are
// preserved by the load balancer.
//
// Valid values are "Native" and "ProxyProtocol".
//
// When set to "Native", the NLB uses AWS's native client IP preservation,
Comment thread
coderabbitai[bot] marked this conversation as resolved.
// which may cause hairpin connection failures for internal load balancers when
// connections are made from pods to router pods on the same node.
//
// When set to "ProxyProtocol", the NLB uses PROXY protocol v2 to preserve
// client IP addresses. This avoids hairpin connection failures.
//
// When omitted, this means the user has no opinion and the value is left
// to the platform to choose a good default, which is subject to change
// over time. The current default is "ProxyProtocol".
//
// Note that changing this field may cause brief connection failures during
// the transition as the NLB attribute change and router rollout occur
// independently.
//
// +optional
ClientIPPreservationMode ClientIPPreservationMode `json:"clientIPPreservationMode,omitempty"`
}

// ClientIPPreservationMode specifies how client IP addresses should be
// preserved by the Network Load Balancer.
// +kubebuilder:validation:Enum=Native;ProxyProtocol
type ClientIPPreservationMode string

const (
// ClientIPPreservationNative uses AWS's native client IP preservation,
// which may cause hairpin connection failures for internal load balancers when
// connections are made from pods to router pods on the same node.
ClientIPPreservationNative ClientIPPreservationMode = "Native"

// ClientIPPreservationProxyProtocol uses PROXY protocol v2 to preserve
// client IP addresses. This avoids hairpin connection failures.
ClientIPPreservationProxyProtocol ClientIPPreservationMode = "ProxyProtocol"
)

// EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment.
// Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters.
// + Explanation of the regex `^eipalloc-[0-9a-fA-F]{17}$` for validating value of the EIPAllocation:
Expand Down
50 changes: 50 additions & 0 deletions ...zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -477,6 +477,31 @@ spec:
networkLoadBalancerParameters holds configuration parameters for an AWS
network load balancer. Present only if type is NLB.
properties:
clientIPPreservationMode:
description: |-
clientIPPreservationMode specifies how client IP addresses are
preserved by the load balancer.

Valid values are "Native" and "ProxyProtocol".

When set to "Native", the NLB uses AWS's native client IP preservation,
which may cause hairpin connection failures for internal load balancers when
connections are made from pods to router pods on the same node.

When set to "ProxyProtocol", the NLB uses PROXY protocol v2 to preserve
client IP addresses. This avoids hairpin connection failures.

When omitted, this means the user has no opinion and the value is left
to the platform to choose a good default, which is subject to change
over time. The current default is "ProxyProtocol".

Note that changing this field may cause brief connection failures during
the transition as the NLB attribute change and router rollout occur
independently.
enum:
- Native
- ProxyProtocol
type: string
eipAllocations:
description: |-
eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
Expand Down Expand Up @@ -2749,6 +2774,31 @@ spec:
networkLoadBalancerParameters holds configuration parameters for an AWS
network load balancer. Present only if type is NLB.
properties:
clientIPPreservationMode:
description: |-
clientIPPreservationMode specifies how client IP addresses are
preserved by the load balancer.

Valid values are "Native" and "ProxyProtocol".

When set to "Native", the NLB uses AWS's native client IP preservation,
which may cause hairpin connection failures for internal load balancers when
connections are made from pods to router pods on the same node.

When set to "ProxyProtocol", the NLB uses PROXY protocol v2 to preserve
client IP addresses. This avoids hairpin connection failures.

When omitted, this means the user has no opinion and the value is left
to the platform to choose a good default, which is subject to change
over time. The current default is "ProxyProtocol".

Note that changing this field may cause brief connection failures during
the transition as the NLB attribute change and router rollout occur
independently.
enum:
- Native
- ProxyProtocol
type: string
eipAllocations:
description: |-
eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
Expand Down
50 changes: 50 additions & 0 deletions ...ator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -477,6 +477,31 @@ spec:
networkLoadBalancerParameters holds configuration parameters for an AWS
network load balancer. Present only if type is NLB.
properties:
clientIPPreservationMode:
description: |-
clientIPPreservationMode specifies how client IP addresses are
preserved by the load balancer.

Valid values are "Native" and "ProxyProtocol".

When set to "Native", the NLB uses AWS's native client IP preservation,
which may cause hairpin connection failures for internal load balancers when
connections are made from pods to router pods on the same node.

When set to "ProxyProtocol", the NLB uses PROXY protocol v2 to preserve
client IP addresses. This avoids hairpin connection failures.

When omitted, this means the user has no opinion and the value is left
to the platform to choose a good default, which is subject to change
over time. The current default is "ProxyProtocol".

Note that changing this field may cause brief connection failures during
the transition as the NLB attribute change and router rollout occur
independently.
enum:
- Native
- ProxyProtocol
type: string
eipAllocations:
description: |-
eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
Expand Down Expand Up @@ -2718,6 +2743,31 @@ spec:
networkLoadBalancerParameters holds configuration parameters for an AWS
network load balancer. Present only if type is NLB.
properties:
clientIPPreservationMode:
description: |-
clientIPPreservationMode specifies how client IP addresses are
preserved by the load balancer.

Valid values are "Native" and "ProxyProtocol".

When set to "Native", the NLB uses AWS's native client IP preservation,
which may cause hairpin connection failures for internal load balancers when
connections are made from pods to router pods on the same node.

When set to "ProxyProtocol", the NLB uses PROXY protocol v2 to preserve
client IP addresses. This avoids hairpin connection failures.

When omitted, this means the user has no opinion and the value is left
to the platform to choose a good default, which is subject to change
over time. The current default is "ProxyProtocol".

Note that changing this field may cause brief connection failures during
the transition as the NLB attribute change and router rollout occur
independently.
enum:
- Native
- ProxyProtocol
type: string
eipAllocations:
description: |-
eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
Expand Down
50 changes: 50 additions & 0 deletions ...enerated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -477,6 +477,31 @@ spec:
networkLoadBalancerParameters holds configuration parameters for an AWS
network load balancer. Present only if type is NLB.
properties:
clientIPPreservationMode:
description: |-
clientIPPreservationMode specifies how client IP addresses are
preserved by the load balancer.

Valid values are "Native" and "ProxyProtocol".

When set to "Native", the NLB uses AWS's native client IP preservation,
which may cause hairpin connection failures for internal load balancers when
connections are made from pods to router pods on the same node.

When set to "ProxyProtocol", the NLB uses PROXY protocol v2 to preserve
client IP addresses. This avoids hairpin connection failures.

When omitted, this means the user has no opinion and the value is left
to the platform to choose a good default, which is subject to change
over time. The current default is "ProxyProtocol".

Note that changing this field may cause brief connection failures during
the transition as the NLB attribute change and router rollout occur
independently.
enum:
- Native
- ProxyProtocol
type: string
eipAllocations:
description: |-
eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
Expand Down Expand Up @@ -2749,6 +2774,31 @@ spec:
networkLoadBalancerParameters holds configuration parameters for an AWS
network load balancer. Present only if type is NLB.
properties:
clientIPPreservationMode:
description: |-
clientIPPreservationMode specifies how client IP addresses are
preserved by the load balancer.

Valid values are "Native" and "ProxyProtocol".

When set to "Native", the NLB uses AWS's native client IP preservation,
which may cause hairpin connection failures for internal load balancers when
connections are made from pods to router pods on the same node.

When set to "ProxyProtocol", the NLB uses PROXY protocol v2 to preserve
client IP addresses. This avoids hairpin connection failures.

When omitted, this means the user has no opinion and the value is left
to the platform to choose a good default, which is subject to change
over time. The current default is "ProxyProtocol".

Note that changing this field may cause brief connection failures during
the transition as the NLB attribute change and router rollout occur
independently.
enum:
- Native
- ProxyProtocol
type: string
eipAllocations:
description: |-
eipAllocations is a list of IDs for Elastic IP (EIP) addresses that
Expand Down
Loading