add service annotation to set public/private iface for NodePort #1310
Welcome @rbtr! |
8ed07ce to bac9b92
/assign @linki |
honestly, this could be the start of a larger story on being able to appropriately segregate private/public IPs and zones - like maybe if the |
1d134b5 to 5150850
bump? @linki @hjacobs @njuettner |
Duplicate of #1212? |
@jonathan-mothership yeah, this and that PR are very similar in effect, if not identical. i won't close this yet because i think, conceptually, saying "ignore public" is not the best way to characterize this datapath - it would be better to allow the user to be explicit in saying "use public" or "use private" - and that's a significant distinction in our implementations. but i think it's safe to say neither PR author thinks that the current behavior of external-dns assuming which interface we want to use for us is correct either 😅 |
I agree with you completely, @rbtr, this feature is useful for private EKS clusters. FWIW I've taken the other PR and modified the annotation name and value to be |
@linki @hjacobs @njuettner |
5150850 to 0fa6ad5
8a4f385 to 6dab832
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@rbtr no updates yet. It is in my queue to review. It looks like there is conflict in |
/assign |
Thanks for the PR @rbtr !
I gave this a review and the code change looks good to me. Thanks for the clear update of the docs and including the necessary test cases.
If you can fix the merge conflicts and rebase, I'll throw my LGTM label on there and will work with the official maintainers to get this reviewed and hopefully merged soon.
Wilco, thanks for the update |
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
ae7950e to 522d1f5
522d1f5 to 5873931
5873931 to 54320a1
@vinny-sabatini rebased |
/assign @Raffo |
/lgtm
/assign @njuettner |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Raffo, rbtr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
thanks all! |
Scenario: in AWS with a private hosted zone, and instances with both public and private IPs, I would like some NodePort services to be registered in DNS with the node's private IP so that they're only resolvable within my VPC.
This is my reattempt at #898 since it appears abandoned, and I think that having the public/private interface selection should happen on a per-service basis rather than globally.
I'm open to suggestions on what the annotation should be renamed to, consider "access" a placeholder...
Finally, this change should be backwards compatible - if the annotation is not present we fall through to the previous behavior.