Allow to set Service LoadBalancer IP #1841
Comments
I don't think it should be hard to set so I can wire a PR. |
it looks like |
Right. I did not know it was going to be deprecated. Fair enough. Then the way to go is as recommended to implement the option using the Gateway API. For instance the GKE gateway allows to set an option to define the static IP address. Unfortunately that service annotation pointed by you does not cover this use case. I need to set up a public static IP address.
Yes, you could always use GKE gateway but you'd be missing out on the extensive features in Envoy Gateway :) Even Envoy Gateway supports Gateway.Spec.Addresses but it doesn't affect the Cloud LoadBalancer curious why
As said above I have a public IPv4. That annotation is internal subnet. It doesn't relate at all with public IP addresses.
ah yes, thanks for the clarification |
Then I think the way to go would be the approach proposed by Google https://cloud.google.com/kubernetes-engine/docs/how-to/deploying-gateways#use_a_named_ip_address where the IP address would be referenced as a named IP address. However this would be a GCP only approach. What do you think?
I dont think above approach will work, the |
Sure. The logic there is tied to GKE but so would be also ours. I mean the logic in the envoy gateway controller would be: get the IP address from GCP using the named address, assign this IP to the Service LoadBalancer. This last part I'm sure it should be vendor agnostic and Kubernetes sig-network group has some idea how to achieve that. I haven't looked at it yet.
Envoy Gateway supports the ability to set an address to the Gateway https://gateway.envoyproxy.io/v0.5.0/user/gateway-address.html which translates to |
We would still need to implement in the envoy gateway controller gcp vendor logic to make sure that in the provider THAT named ip addr is set to the provider LB. |
+1 IMO we definitely need a way to support configuring this on a per-gateway basis, even if it is only a temporary solution since even though the field is deprecated, it is still the main way that GKE users assign IPs to LB services. cc @LanceEa if you want to add any other comments or ideas/suggestions to this conversation |
@mazzy89 - Thanks for raising this and @AliceProxy thanks for nudging me 😄. I have had notes on this subject and plans to write-up a proposal for a few weeks now. It would be great if there was a one size fits all for this but as always the devil is in the details. tl;dr; My proposal is that we add a field to the EnvoyProxy config Pros:
Cons:
Why a static IP address is preferred?
I think this is well known but thought I would add anecdote that is driving my interest in this feature. I recently caused an outage on some internal services that are running through EG on GKE. Since EG was creating the Service it would create the Public external IP address which I then update DNS to resolve to it. I then submitted some bad config which to my surprise caused EG to delete all my infrastructure. Which was then compounded because when I did my roll back in gitops the IP address had changed so I needed to then go update DNS again to get all the services back up and running. This led me down the rabbit hole of research which is below 😄.

K8s Deprecation
Although the docs state it is deprecated, it seems that this is a loose "deprecation" and more of a nudge/caveat driven deprecation.

K8s Service docs
As mentioned above but just copying from my research notes: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer

Azure AKS Support
Azure supports both the

Google GKE Support
GKE only supports the
I also saw this in Stack Overflow where it appears to be a GCP employee commenting (I'm guessing)

AWS Support

Legacy K8s in-tree CloudProvider
It looks like the in-tree provider is removed in K8s 1.27+ and seems AWS will force the usage of its own controller when
When looking at the legacy in-tree here: https://github.com/kubernetes/legacy-cloud-providers/blob/b9cd095f9783c9c9d9e762579cbeb6e28c4d1e80/aws/aws.go#L4018. It appears that it supports annotations but maybe has limited support for

AWS LB Controller
Supports lots of annotations and is probably the recommended AWS method going forward as the in-cluster providers are phased out.
yea there's a GEP to add parametersRef to gateway to configure per-gateway infrastructure. Once that's in place, we can start attaching EnvoyProxy on Gateways which would be pretty useful here. I could even make an argument that staticIP should be a first class field for gateway infrastructure |
Thanks for the details @LanceEa, based on the fact that the field is not going to be removed any time soon, I'm okay with EG adding support for it. reg outage due to DNS record going stale, recommend External DNS + Gateway API integration :)
Fixes: envoyproxy#1841 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* Support configuring loadBalancerIP in envoy svc
  Fixes: #1841
  Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* typo
  Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* reject ipv6
  Signed-off-by: Arko Dasgupta <arko@tetrate.io>
---------
Signed-off-by: Arko Dasgupta <arko@tetrate.io>
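The commits above add a `loadBalancerIP` setting and reject IPv6 values. The following is an added example, not Envoy Gateway's code, of what an IPv4-only check on such a value can look like before it is copied into `Service.spec.loadBalancerIP`; the function name `validateLoadBalancerIP` and the extra refusal of unspecified, loopback and multicast addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// validateLoadBalancerIP is a hypothetical helper, not Envoy Gateway's code.
// It returns the canonical IPv4 string to place in Service.spec.loadBalancerIP,
// or "" when the value is unset and the provider should pick an address.
func validateLoadBalancerIP(raw string) (string, error) {
	if raw == "" {
		return "", nil
	}
	addr, err := netip.ParseAddr(raw)
	if err != nil {
		return "", fmt.Errorf("loadBalancerIP %q is not an IP address: %w", raw, err)
	}
	// Is4 is false for plain IPv6 and for IPv4-mapped IPv6 (::ffff:a.b.c.d),
	// so a mapped form cannot slip past an IPv4-only rule.
	if !addr.Is4() {
		return "", fmt.Errorf("loadBalancerIP %q: IPv6 is rejected, use an IPv4 address", raw)
	}
	// Assumption: addresses that can never be a load balancer VIP are refused.
	if addr.IsUnspecified() || addr.IsLoopback() || addr.IsMulticast() {
		return "", fmt.Errorf("loadBalancerIP %q is not a usable unicast address", raw)
	}
	return addr.String(), nil
}

func main() {
	// Constructed sample values (203.0.113.0/24 and 2001:db8::/32 are documentation ranges).
	samples := []string{"203.0.113.10", "2001:db8::1", "::ffff:203.0.113.10", "203.0.113", "0.0.0.0"}
	for _, v := range samples {
		ip, err := validateLoadBalancerIP(v)
		fmt.Printf("%-22q -> %q, err=%v\n", v, ip, err)
	}
}
```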
Description:
At the current state it is not possible to set a user static IP address on the created Service LoadBalancer. The property is not exposed.
There are cases in various cloud providers like GCP where it is possible to create a static IP address and reference it around.
There is a TODO in the EnvoyProxy ServiceSpec.