kubernetes: "externalTrafficPolicy": "Local" not work fine

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

What happened: I have defined a service thar use externalTrafficPolicy field to preserve source IP of clients requests. The configuration file to this service is as follow:

apiVersion: v1
kind: Service
metadata:
  labels:
    name: connector-tcp
  name: connector-tcp
spec:
  ports:
    # The port that this service should serve on.
    - port: 9955
      name: apisouth
      targetPort: 9955
      #nodePort: 30955
      protocol: TCP
    - port: 9443
      name: ssl-port-south
      targetPort: 9443
      protocol: TCP
    - port: 11112
      name: rmi-rabbitauth
      targetPort: 11112
      protocol: TCP
    - port: 54321
      name: sigfox
      targetPort: 54321
      protocol: TCP
  # Label keys and values that must match in order to receive traffic for this service.
  externalIPs:
    - "172.19.18.72"
  selector:
     app: connector
  type: LoadBalancer
  externalTrafficPolicy: Local

In the dashboard of Kubernetes the service appears as follow:

image

When I send a request to 9955/tcp port from a remote client, I see that the source IP is another that expected.

image

Otherwise, on the CoreOS host I see the source IP correctly.

image

What you expected to happen:

I expected that source IP inside the container must be the client address.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Other component versions: Calico Node: 2.5.1 Calico CNI: 1.5.2 Calico Kube Policy Controller: 0.7.0 Calico Leader Elector: 0.1.0 Flanneld: 0.7.1

Environment:

  • Kubernetes version (use kubectl version): Client Version: version.Info{Major:“1”, Minor:“7”, GitVersion:“v1.7.5”, GitCommit:“17d7182a7ccbb167074be7a87f0a68bd00d58d97”, GitTreeState:“clean”, BuildDate:“2017-08-31T09:14:02Z”, GoVersion:“go1.8.3”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“7”, GitVersion:“v1.7.5+coreos.0”, GitCommit:“070d238cd2ec359928548e486a9171b498573181”, GitTreeState:“clean”, BuildDate:“2017-08-31T21:28:39Z”, GoVersion:“go1.8.3”, Compiler:“gc”, Platform:“linux/amd64”}

  • Cloud provider or hardware configuration**: private

  • OS (e.g. from /etc/os-release): DISTRIB_ID=“Container Linux by CoreOS” DISTRIB_RELEASE=1465.6.0 DISTRIB_CODENAME=“Ladybug” DISTRIB_DESCRIPTION=“Container Linux by CoreOS 1465.6.0 (Ladybug)”

  • Kernel (e.g. uname -a): Linux coreos002.amplia.int 4.12.7-coreos #1 SMP Tue Aug 15 23:54:56 UTC 2017 x86_64 QEMU Virtual CPU version 2.0.0 GenuineIntel GNU/Linux

  • Install tools:

  • Others:

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 29 (9 by maintainers)

Most upvoted comments

Please reopen.

It is not solved. I use a kubernetes cluster (on prem) and my pods are not able to see source IP as expected.

+6
JeremyJeanson on Aug 1, 2020
Read more comments on GitHub
← kubernetes: `externalTrafficPolicy: Local` doesn't work well with nodeport for internal traffic
kubernetes: "externalTrafficPolicy": "Local" on AWS does not work if the dhcp of the vpc is not set exactly to <region>.compute.internal →