How to get Loadbalancer Health Checks to work with externalTrafficPolicy: Local
I am trying to set up a Loadbalancer/Nginx-ingress. Everything works well so far.
But there is one problem. Following some tutorials and hints on DO, a recommended setting for the load balancer is externalTrafficPolicy: Local. With this set, the DO load balancer fails health checks.
What I researched so far is that when I switch to Cluster (health checks work then), I will lose the client IP and maybe get an additional hop inside the cluster, and the LB may also forward traffic to a node with fewer or no pods, but the ingress will route correctly.
With my current setup everything works quite well and I also have the forwarded headers with the correct IP, but I wonder if setting externalTrafficPolicy to Cluster will impact performance and scaling.
Any hints on this would be great, even if the answer is that it is currently not possible :)
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
spec:
  externalTrafficPolicy: Cluster
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-name
  annotations:
    kubernetes.io/ingress.class: 'nginx'
    nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
spec:
  tls:
    - hosts:
        - www.some-domain.com
        - some-domain.com
      secretName: some-cert
  rules:
    - host: www.some-domain.com
      http:
        paths:
          - backend:
              serviceName: service-name
              servicePort: 3000
and the ingress config map:
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  proxy-hide-headers: 'Server'
  server-tokens: 'False'
  use-forwarded-headers: 'true'
  compute-full-forwarded-for: 'true'
  use-proxy-protocol: 'true'
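What the two policies discussed in the question mean for a load balancer's view of each node, as an added example that is not part of the original post and not DigitalOcean's code: a small Python model of the standard Kubernetes behaviour, where with Local kube-proxy reports a node healthy on the Service's healthCheckNodePort only if a ready endpoint runs on that node. The node names, pod name and helper names are constructed for illustration.

```python
# Added illustration (not from the post, not DigitalOcean's code): a model of
# how externalTrafficPolicy changes what a load balancer sees on each node.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class NodeView:
    node: str
    health_status: Optional[int]  # HTTP status on healthCheckNodePort, None if not allocated
    lb_target: bool               # would the load balancer send traffic here?
    source_ip_preserved: bool     # does the pod see the original packet source?
    extra_hop_possible: bool      # can the node forward to a pod on another node?


def evaluate(policy: str, nodes: List[str], ready_pods: Dict[str, str]) -> List[NodeView]:
    """ready_pods maps each ready ingress pod to the node it runs on."""
    if policy not in ("Local", "Cluster"):
        raise ValueError(f"unknown externalTrafficPolicy: {policy!r}")
    local = {n: 0 for n in nodes}
    for pod, node in ready_pods.items():
        if node not in local:
            raise ValueError(f"pod {pod} runs on unknown node {node}")
        local[node] += 1
    views = []
    for n in nodes:
        if policy == "Local":
            # kube-proxy answers the health check with 200 only when a ready
            # endpoint of the Service runs on this node, otherwise 503.
            status = 200 if local[n] else 503
            views.append(NodeView(n, status, status == 200, True, False))
        else:
            # Cluster: no healthCheckNodePort; any node accepts the connection,
            # SNATs it and may forward it to a pod on another node.
            views.append(NodeView(n, None, bool(ready_pods), False, True))
    return views


def lb_targets(views: List[NodeView]) -> List[str]:
    """Nodes the load balancer would keep in rotation."""
    return [v.node for v in views if v.lb_target]


# Constructed sample: three nodes, one ready ingress pod.
NODES = ["node-a", "node-b", "node-c"]
READY_PODS = {"ingress-nginx-0": "node-a"}

if __name__ == "__main__":
    for policy in ("Local", "Cluster"):
        for view in evaluate(policy, NODES, READY_PODS):
            print(policy, view)
```

The model covers the packet source address only. A PROXY protocol header, as enabled in the manifests above, travels inside the connection and is not changed by SNAT.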