Clarify "Getting the source IP behind the loadbalancer" when using internal networks #2370

Closed
blokje opened this issue Dec 28, 2021 · 2 comments

Comments


blokje commented Dec 28, 2021

I recently deployed a K8s cluster with an internal network. This all works great, but getting the source IP for HTTP requests is not documented.

  1. The annotation lb.k8s.ovh.net/egress-ips is not added to the service
  2. The egress IPs are also not accessible through the OVH API (or I couldn't figure out how)

After some trial and error and stumbling upon the following "known limitation" in the vRack docs

You will still see a public IPv4 address on your worker nodes. This IP won’t be reachable from the Internet, and used exclusively for the administration of your nodes and its link to the Kubernetes control plane.

I realized I should use my internal IP range as the CIDR for setting this up correctly. Using the nginx Helm chart as an example, I now have the following config stanza, which works out for me.

controller:
  service:
    externalTrafficPolicy: "Local"
    annotations:
      service.beta.kubernetes.io/ovh-loadbalancer-balance: source
      service.beta.kubernetes.io/ovh-loadbalancer-proxy-protocol: "v2"
  config:
    use-proxy-protocol: "true"
    # Use subnet from internal network
    proxy-real-ip-cidr: "10.0.0.0/20" 

Please update the documentation accordingly, but if not, I hope the following helps other people out who run into the same issue.
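Added example, not part of the original post or of the OVHcloud or ingress-nginx code: a simplified Python model of what the stanza above configures, namely parsing a PROXY protocol v2 header and accepting its source address only when the TCP peer lies inside the trusted range given as `proxy-real-ip-cidr`. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 12-byte signature that opens every PROXY protocol v2 header.
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"


def parse_proxy_v2(data: bytes):
    """Return (source_ip, source_port) from a v2 header, or None for LOCAL/UNSPEC."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("not a PROXY protocol v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    body = data[16:16 + length]
    if len(body) < length:
        raise ValueError("truncated header")
    if ver_cmd & 0x0F == 0:             # LOCAL: connection made by the proxy itself
        return None
    if ver_cmd & 0x0F != 1:
        raise ValueError("unknown command")
    family = fam_proto >> 4
    if family == 1 and length >= 12:    # AF_INET: 4+4 address bytes, 2+2 port bytes
        src, sport = body[0:4], body[8:10]
    elif family == 2 and length >= 36:  # AF_INET6: 16+16 address bytes, 2+2 port bytes
        src, sport = body[0:16], body[32:34]
    else:
        return None
    return str(ipaddress.ip_address(src)), int.from_bytes(sport, "big")


def effective_client_ip(peer_ip: str, first_bytes: bytes, trusted_cidr: str) -> str:
    """Use the header's source address only when the TCP peer is a trusted proxy."""
    if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(trusted_cidr):
        return peer_ip
    parsed = parse_proxy_v2(first_bytes)
    return parsed[0] if parsed else peer_ip


def build_header(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample input: a v2 PROXY header for TCP over IPv4."""
    addrs = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    body = addrs + struct.pack("!HH", sport, dport)
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body
```

With `trusted_cidr` set to `10.0.0.0/20`, a header arriving from a peer inside that range yields the original client address, while the same header from any other peer leaves the peer address in place.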

Contributor

cortexx commented Jan 14, 2022

Hello @blokje

I don't know if you have seen it, but @raclepoulpe worked on the Getting the source IP behind the LoadBalancer documentation and updated it to add more details related to the usage of the proxy protocol when the OVHcloud Managed Kubernetes Service is running inside a vRack.

Related PR: #2411

You can find the new version of the documentation here: https://docs.ovh.com/gb/en/kubernetes/getting-source-ip-behind-loadbalancer/

If all seems to be OK for you, could you close this issue?
-- Joël

Author

blokje commented Jan 14, 2022

Thank you! Will close the issue!

@blokje blokje closed this as completed Jan 14, 2022