Expose Strategy problem #11495
-
Beta Was this translation helpful? Give feedback.
Replies: 6 comments 3 replies
-
It appears that when using the Check out the I'm not entirely sure if this will solve your problem, but going by the Hetzner CCM code and documentation, you might need to add this annotation as well:
|
Beta Was this translation helpful? Give feedback.
-
@embik We will be checking. For now.
|
Beta Was this translation helpful? Give feedback.
-
Unfortunately, it did not work. seed.yaml
|
Beta Was this translation helpful? Give feedback.
-
@embik
|
Beta Was this translation helpful? Give feedback.
-
@clickersmudge I've checked with some colleagues and it appears that KKP cannot handle the situation in your setup properly for the "LoadBalancer" expose strategy. In short, KKP expects all IPs on a LoadBalancer There isn't any workaround unless you convince the Hetzner CCM to not publish private IPs (which I'm not sure is possible, given that the option mentioned above was not effective). It's therefore possible that you cannot use this strategy in your environment right now. We'll however look into this and prioritise public IPs over private IPs in a future release. |
Beta Was this translation helpful? Give feedback.
-
Hey @clickersmudge, We investigated this a little bit and found out that you can annotate your LoadBalancer Service with the following annotation to disable the private IP:
Similarly, you can use the following annotation to disable the IPv6 address if you don't need it:
Once annotations are applied, Hetzner CCM will automatically update the Load Balancer on Hetzner, usually after a few seconds. |
Beta Was this translation helpful? Give feedback.
@clickersmudge I've checked with some colleagues and it appears that KKP cannot handle the situation in your setup properly for the "LoadBalancer" expose strategy. In short, KKP expects all IPs on a LoadBalancer
Service
to be "valid" and doesn't check if they're private or public. Since the Hetzner CCM publishes both public and private IPs, it's essentially bad luck that the private IPs take higher priority.There isn't any workaround unless you convince the Hetzner CCM to not publish private IPs (which I'm not sure is possible, given that the option mentioned above was not effective). It's therefore possible that you cannot use this strategy in your environment right now. We'll however l…