From b1b0a34d1f78cf3b6a2d401234f73e78ae3ca3bf Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 5 Feb 2022 03:24:11 +0100
Subject: [PATCH] fix(nginx-system): Fix external IP address handling

This patch should fix the external IP address handling to prevent
rewriting of the external IPs by kube-proxy and allow features like
source-whitelisting to work as expected.

References:
https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#over-a-nodeport-service
---
 infrastructure/nginx-system/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/nginx-system/release.yaml b/infrastructure/nginx-system/release.yaml
index 5339732b3..ba5395d4c 100644
--- a/infrastructure/nginx-system/release.yaml
+++ b/infrastructure/nginx-system/release.yaml
@@ -172,7 +172,7 @@ spec:
         ## Set external traffic policy to: "Local" to preserve source IP on
         ## providers supporting it
         ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
-        # externalTrafficPolicy: ""
+        externalTrafficPolicy: "Local"
 
         # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
         # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
-- 
GitLab