Add support for ipmode field of loadbalancers #2014

@1fabi0

Is your feature request related to a problem? Please describe

In bare-metal environments, it is common to use a local proxy (like NGINX, HAProxy, or a hardware appliance) as a LoadBalancer. When this proxy resides on the same node as the workload, or when the CNI is responsible for routing LoadBalancer IPs via IPVS, a conflict occurs if the CNI treats the LoadBalancer IP as a Virtual IP (VIP).

Currently, kube-router automatically adds all IPs found in .status.loadBalancer.ingress[] to the local IPVS table. If the LoadBalancer is operating in Proxy mode (where the traffic is already being handled by an external process), kube-router creating a local IPVS entry can hijack that traffic.

Describe the solution you'd like

I would like kube-router to respect the .status.loadBalancer.ingress[].ipMode field as defined in KEP-1860:

  • If ipMode: VIP (or unset/default): kube-router should continue its current behavior—adding the IP to IPVS and announcing it via BGP (if configured).
  • If ipMode: Proxy: kube-router should skip adding this specific IP to the IPVS interface and service rules. This allows the underlying host routing or the proxy process itself to handle the traffic without interference from kube-router's load-balancing logic.

Describe alternatives you've considered

  • Manual VIP mapping: Assigning a dummy VIP that points to the proxy. This is redundant and adds complexity to the LoadBalancer implementation.
  • Exclude-CIDR flags: Using kube-router flags to ignore certain IP ranges. However, this is a "blunt instrument" and doesn't allow for the granular, per-service control that the native K8s API now provides.

I would create a PR myself, but I am not too sure about the code. Can this just be added with an if clause here?

Thanks Fabian
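
The per-IP check requested above, as an added example that is not part of the original issue and is not kube-router code. The types are local mirrors of the Kubernetes `LoadBalancerIngress` API shape so the block builds without `k8s.io/api`, and `ipvsLoadBalancerIPs` is a hypothetical helper name.

```go
package main

import "fmt"

// Local mirrors of the Kubernetes core/v1 types (assumption: kept minimal so
// the example compiles offline). Field names follow v1.LoadBalancerIngress.
type LoadBalancerIPMode string

const (
	LoadBalancerIPModeVIP   LoadBalancerIPMode = "VIP"
	LoadBalancerIPModeProxy LoadBalancerIPMode = "Proxy"
)

type LoadBalancerIngress struct {
	IP       string
	Hostname string
	IPMode   *LoadBalancerIPMode // nil when the field is unset
}

// ipvsLoadBalancerIPs (hypothetical helper, not a kube-router function)
// returns the ingress IPs that should get a local IPVS entry.
func ipvsLoadBalancerIPs(ingress []LoadBalancerIngress) []string {
	ips := make([]string, 0, len(ingress))
	for _, lb := range ingress {
		if lb.IP == "" {
			continue // hostname-only entry: there is no IP to program
		}
		// Only an explicit Proxy is skipped; unset (nil) or VIP keeps the
		// current behaviour, as the issue asks.
		if lb.IPMode != nil && *lb.IPMode == LoadBalancerIPModeProxy {
			continue // traffic is handled by the proxy, not by IPVS
		}
		ips = append(ips, lb.IP)
	}
	return ips
}

func main() {
	proxy, vip := LoadBalancerIPModeProxy, LoadBalancerIPModeVIP
	// Constructed sample status using documentation-range addresses.
	ingress := []LoadBalancerIngress{
		{IP: "192.0.2.10"},                 // ipMode unset, treated as VIP
		{IP: "192.0.2.11", IPMode: &vip},   // explicit VIP
		{IP: "192.0.2.12", IPMode: &proxy}, // Proxy, left to the host
		{Hostname: "lb.example.com"},       // no IP
	}
	fmt.Println(ipvsLoadBalancerIPs(ingress)) // [192.0.2.10 192.0.2.11]
}
```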
