Option to set externalTrafficPolicy on the consul ingress gateway service resourceΒ #5155
Description
Community Note
- Please vote on this issue by adding a π reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
- If you are interested in working on this issue or have submitted a pull request, please leave a comment.
The requirement is that in consul access logs we should be able to capture the actual source IP.
setup:
client vm ---> azure LB (network LB) ----> consul gw svc ---> application service
In the above flow the consul gw service is always created with externalTrafficPolicy set to Cluster. This setting masks the actual client IP with the kube proxy IP. If we patch the consul-gateway service with kubectl patch svc api-gateway -n bookinfo -p '{"spec": {"externalTrafficPolicy": "Local"}}', the settting is reverted by the consul gateway controller.
Is there a feature to set externalTrafficPolicy in consul ingress gateway service?
Gateway definition
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
annotations:
consul.hashicorp.com/gateway-class-config: '{"serviceType":"LoadBalancer","deployment":{"defaultInstances":1,"maxInstances":1,"minInstances":1,"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}},"copyAnnotations":{},"metrics":{}}'
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"gateway.networking.k8s.io/v1beta1","kind":"Gateway","metadata":{"annotations":{},"name":"api-gateway","namespace":"bookinfo"},"spec":{"gatewayClassName":"consul","listeners":[{"allowedRoutes":{"namespaces":{"from":"Same"}},"name":"http","port":80,"protocol":"HTTP"}]}}
finalizers:
- gateway-finalizer.consul.hashicorp.com
name: api-gateway
namespace: bookinfo
spec:
gatewayClassName: consul
listeners:
- allowedRoutes:
namespaces:
from: Same
name: http
port: 80
protocol: HTTP
gatewayclassconfig
apiVersion: consul.hashicorp.com/v1alpha1
kind: GatewayClassConfig
metadata:
finalizers:
- gateway-class-exists-finalizer.consul.hashicorp.com
labels:
app: consul
chart: consul-helm
component: api-gateway
heritage: Helm
release: consul
name: consul-api-gateway
spec:
copyAnnotations: {}
deployment:
defaultInstances: 1
maxInstances: 1
minInstances: 1
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
metrics: {}
serviceType: LoadBalancer