Open szuecs opened 1 week ago
This with IP preservation normally leads to a short circuit in the kernel, with src writing TLS and dst reading plain text and replying in plain text, but the kernel doesn't know about TLS on the server side, so there is protocol confusion. Maybe https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/1860-kube-proxy-IP-node-binding solves the problem, and the sig-network Slack thread https://kubernetes.slack.com/archives/C09QYUH5W/p1728654443481729 discusses whether it is a possible fix.
Another option is to implement PROXY protocol supported by NLB.
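The PROXY protocol option mentioned above means the backend reads a small binary header from the NLB before the TLS handshake and takes the client address from it instead of from the socket. The sketch below is an added example, not code from this issue or the project; `ParseProxyV2` is a hypothetical name and the sample addresses are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// sigV2 is the fixed 12-byte signature that starts every PROXY protocol v2 header.
var sigV2 = []byte("\r\n\r\n\x00\r\nQUIT\n")

// ParseProxyV2 (hypothetical helper) parses a PROXY v2 header at the start of
// buf. It returns the original client address (nil for LOCAL connections such
// as health checks) and the number of bytes to skip before the TLS ClientHello.
func ParseProxyV2(buf []byte) (*net.TCPAddr, int, error) {
	if len(buf) < 16 || !bytes.Equal(buf[:12], sigV2) {
		return nil, 0, errors.New("missing PROXY v2 signature")
	}
	n := 16 + int(binary.BigEndian.Uint16(buf[14:16]))
	if buf[12]>>4 != 2 || len(buf) < n {
		return nil, 0, errors.New("bad version or truncated header")
	}
	if buf[12]&0x0f == 0 { // LOCAL command: no client address to trust
		return nil, n, nil
	}
	alen := map[byte]int{0x11: 4, 0x21: 16}[buf[13]] // TCP over IPv4 / IPv6
	if buf[12]&0x0f != 1 || alen == 0 || n-16 < 2*alen+4 {
		return nil, 0, errors.New("unsupported command or address family")
	}
	body := buf[16:n] // src addr, dst addr, src port, dst port
	ip := append(net.IP(nil), body[:alen]...)
	port := binary.BigEndian.Uint16(body[2*alen : 2*alen+2])
	return &net.TCPAddr{IP: ip, Port: int(port)}, n, nil
}

func main() {
	// Constructed sample: PROXY/TCP4, 203.0.113.7:51234 -> 10.0.0.5:443, then TLS bytes.
	hdr := append(append([]byte{}, sigV2...), 0x21, 0x11, 0x00, 0x0c,
		203, 0, 113, 7, 10, 0, 0, 5, 0xc8, 0x22, 0x01, 0xbb)
	stream := append(hdr, 0x16, 0x03, 0x01) // start of a TLS record
	addr, n, err := ParseProxyV2(stream)
	fmt.Println(addr, n, err, stream[n] == 0x16)
}
```

The header is unauthenticated, so a listener that parses it should accept connections only from the load balancer; otherwise any direct client can claim an arbitrary source address.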