support for loadBalancerSourceRanges

[moonek]

Is this a BUG REPORT or FEATURE REQUEST?:

/kind feature

What happened:

The loadBalancerSourceRanges field of the k8s service object spec is intended to control access to the client ip.

spec:
  loadBalancerSourceRanges:
    - "123.123.123.0/24"

This feature works by kube-proxy in in-cluster, but should also apply to external loadbalancer.

It seems to be implemented in the pkg/cloudprovider/vsphereparavirtual source. https://github.com/kubernetes/cloud-provider-vsphere/blob/master/pkg/cloudprovider/vsphereparavirtual/vmservice/vmservice.go#L220

However, the environment I use seems to work by referring to the pkg/cloudprovider/vsphere source. The loadBalancerSourceRanges feature is not implemented in this pkg.

It seems to be related to the nsx-t virtual server acl setting and loadBalancerSourceRanges.

Any plans for support for this feature?

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[lubronzhan]

Fixed in add snat disable flag to preserve client IP when using inline mode #523

[moonek]

@lubronzhan The snatDisabled flag is a prerequisite for developing loadBalancerSourceRanges. Currently the loadBalancerSourceRanges feature is not in pkg/cloudprovider/vsphere. Therefore, this issue cannot be closed. I can develop it later.