From 29c1d97e00d3ddaeed8cd7b607196506e980eecc Mon Sep 17 00:00:00 2001 From: Travis Groth Date: Wed, 6 Apr 2022 16:12:51 -0400 Subject: [PATCH] [pomerium] add externalTrafficPolicy for proxy service (#293) --- charts/pomerium/Chart.yaml | 2 +- charts/pomerium/README.md | 1 + charts/pomerium/templates/proxy-service.yaml | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/pomerium/Chart.yaml b/charts/pomerium/Chart.yaml index 4b071af4..5d6caa9f 100644 --- a/charts/pomerium/Chart.yaml +++ b/charts/pomerium/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: pomerium -version: 31.0.3 +version: 31.1.0 appVersion: 0.17.0 home: http://www.pomerium.com/ icon: https://www.pomerium.com/img/icon.svg diff --git a/charts/pomerium/README.md b/charts/pomerium/README.md index 4ff8cccc..c4ba4c1c 100644 --- a/charts/pomerium/README.md +++ b/charts/pomerium/README.md @@ -335,6 +335,7 @@ A full listing of Pomerium's configuration variables can be found on the [config | `proxy.deployment.podAnnotations` | Annotations for the proxy deployment pods | `{}` | | `proxy.redirectServer` | Expose redirect server for http->https on port 80 of the proxy service | `false` | | `proxy.service.annotations` | Annotations for the proxy service. If none given, then use value of `service.annotations` | `{}` | +| `proxy.service.externalTrafficPolicy` | Sets `service.spec.externalTrafficPolicy` for the pomerium proxy service. Set to `Local` to ensure the proxy is able to see client IPs accurately. [See more](https://kubernetes.io/docs/tutorials/services/source-ip/). | | | `proxy.service.nodePort` | Specify the nodePort when using service type NodePort | | | `proxy.service.type` | Specify the service type (ClusterIP, NodePort or LoadBalancer) for the proxy service | `ClusterIP` | | `proxy.serviceAccount.annotations` | Annotations for the proxy service account | `{}` | diff --git a/charts/pomerium/templates/proxy-service.yaml b/charts/pomerium/templates/proxy-service.yaml index c7829b3b..f7e53531 100644 --- a/charts/pomerium/templates/proxy-service.yaml +++ b/charts/pomerium/templates/proxy-service.yaml @@ -29,6 +29,9 @@ spec: {{- else }} type: {{ coalesce .Values.proxy.service.type "ClusterIP" }} {{- end }} + {{- if .Values.proxy.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.proxy.service.externalTrafficPolicy }} + {{- end }} ports: - port: {{ template "pomerium.proxy.trafficPort.number" . }} targetPort: {{ template "pomerium.proxy.httpTrafficPort.scheme" . }}