部分讲解: We’re also seeing this as an issue at DigitalOcean. It’s a concern not just for load-bala ……

部分讲解: We’re also seeing this as an issue at DigitalOcean. It’s a concern not just for load-balancer TLS termination, but also for supporting proxy protocol as encouraged in ( https://kubernetes.io/docs/tutorials/services/source-ip/ ). Traffic addressed to the LB ip from within the cluster never reaches the load-balancer, and the required proxy header isn’t applied, causing a protocol violation. The in-tree AWS service type loadbalancer supports proxy protocol and TLS termination, but because they populate status.loadbalancer.ingress.hostname rather than .ip they avoid this bug/optimization. We’re willing to put together a PR to address this there’s interest from sig-network to accept it. We’ve considered a kube-proxy flag to disable the optimization, or the more complex option of extending

圈主 管理员

热门评论
:
该帖子评论已关闭
图片审查中...
编辑答案: 我的回答: 最多上传一张图片和一个附件
x
x
个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索