Skip to content

Ability to set service externalTrafficPolicy & internalTrafficPolicy to Local #3797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
yarosq opened this issue Dec 5, 2023 · 5 comments · Fixed by #3812
Closed

Ability to set service externalTrafficPolicy & internalTrafficPolicy to Local #3797

yarosq opened this issue Dec 5, 2023 · 5 comments · Fixed by #3812
Labels
backlog enhancement Sustainment Engineering triaged v5

Comments

@yarosq
Copy link

yarosq commented Dec 5, 2023

Overview

We have some clients connecting to our databases from outside the Kubernetes cluster. By default service with type Loadbalancer set externalTrafficPolicy/internalTrafficPolicy to Cluster which mask the source IP with the Kubernetes nodes IP. In this case we can not control the access to the cluster based on source IP.

Use Case

Setting externalTrafficPolicy/internalTrafficPolicy to local allows us to preserve IPs of the client, thus we can restrict/allow access via pg_hba.

Desired Behavior

Ability to set service externalTrafficPolicy & internalTrafficPolicy to Local

kind: PostgresCluster
spec:
  service:
    externalTrafficPolicy: Local
    internalTrafficPolicy: Local
...
baptman21 added a commit to baptman21/postgres-operator that referenced this issue Dec 21, 2023
@baptman21
Add internal and external traffic policy to crd.
565f795 
To allow more modifications to the service created for the pgboucer, add
the externalTrafficPolicy and internalTrafficPolicy to the CRD of the
service.

Issue: CrunchyData#3797
@baptman21 baptman21 mentioned this issue Dec 21, 2023
Merged
10 tasks
@benjaminjb
Copy link
Contributor

Hi, sorry you're running into this, and I can definitely see how it would be necessary to adjust the services that PGO creates.

That said, for a short-term fix, could you create/manage services directly? That way you could define the service with exactly the specs that you need. (You could completely ignore the PGO-provided services or use them as models for your services, e.g., what selectors the service needs, etc.)

@benjaminjb
Copy link
Contributor

I've just had another idea, but not sure it will work: PGO doesn't directly edit the externalTrafficPolicy and internalTrafficPolicy fields -- can you edit the fields of the services? And does PGO overwrite those fields if you do?

@yarosq
Copy link
Author

yarosq commented Jan 2, 2024

I've just had another idea, but not sure it will work: PGO doesn't directly edit the externalTrafficPolicy and internalTrafficPolicy fields -- can you edit the fields of the services? And does PGO overwrite those fields if you do?

Thank you @benjaminjb
Yes that what I am using as a workaround at the moment as PGO does not update internalTrafficPolicy/externalTrafficPolicy. The only problem, it complicates the setup with CD tools such as Flux, so hoping this can be added in the future releases.

@dsessler7
Copy link
Contributor

Just noting here that we have a story in our development backlog for this ability.

jmckulk pushed a commit to baptman21/postgres-operator that referenced this issue May 20, 2024
@baptman21 @jmckulk
Add internal and external traffic policy to crd.
b695f30 
To allow more modifications to the service created for the pgboucer, add
the externalTrafficPolicy and internalTrafficPolicy to the CRD of the
service.

Issue: CrunchyData#3797
jmckulk pushed a commit that referenced this issue May 21, 2024
@baptman21 @jmckulk
Add internal and external traffic policy to crd.
c104cdd 
To allow more modifications to the service created for the pgboucer, add
the externalTrafficPolicy and internalTrafficPolicy to the CRD of the
service.

Issue: #3797
@benjaminjb benjaminjb linked a pull request Jun 24, 2024 that will close this issue
Add internal and external traffic policy to crd. #3812
Merged
10 tasks
@benjaminjb
Copy link
Contributor

Hello @yarosq, just wanted to update you on the state of this issue if you haven't seen: a PR with these changes was merged in and is part of the most recent release. Thanks for bringing this to our attention!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backlog enhancement Sustainment Engineering triaged v5
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add internal and external traffic policy to crd. baptman21/postgres-operator
3 participants
@benjaminjb @dsessler7 @yarosq