IBM Cloud Docs
Configuring Ingress

Configuring Ingress

Learn how you can configure your Ingress setup to meet your workload needs.

Preserving the source IP address

To preserve source IP addresses, you can enable the PROXY protocol for VPC clusters. This option is available for clusters that run version 4.13 or later.

The PROXY protocol provides a convenient way to transport connection information, such as a client's address, across multiple layers of NAT or TCP proxies. For more information on the PROXY protocol, see the HAProxy specification.

By default, the Ingress controller receives connections that contain only the source address associated with the load balancer. You can enable the PROXY protocol in VPC clusters to configure the load balancer to preserve the original client address for connections that the Ingress controller receives.

Enabling the PROXY protocol

  1. Edit the Ingress Controller resource.

    oc -n openshift-ingress-operator edit ingresscontroller/default

  2. In the Ingress controller resource, find the spec.endpointPublishingStrategy.loadBalancer section and define the following providerParameters values.

    endpointPublishingStrategy:
  loadBalancer:
    providerParameters:
      type: IBM
      ibm:
        protocol: PROXY
    scope: External
  type: LoadBalancerService

  3. Save and apply the resource.

Disabling PROXY protocol

  1. Edit the Ingress Controller resource.

    oc -n openshift-ingress-operator edit ingresscontroller/default

  2. In the Ingress controller resource, find the spec.endpointPublishingStrategy.loadBalancer section and define the following providerParameters values.

    endpointPublishingStrategy:
  loadBalancer:
    providerParameters:
      type: IBM
      ibm:
        protocol: TCP
    scope: External
  type: LoadBalancerService

  3. Save and apply the resource.

Customizing Ingress routing with annotations

If you want to customize routing rules for your app, you can use route-specific HAProxy annotations in the Ingress resources that you define.

These supported annotations are in the format haproxy.router.openshift.io/<annotation> or router.openshift.io/<annotation>.IBM Cloud Kubernetes Service annotations (ingress.bluemix.net/<annotation>) and NGINX annotations (nginx.ingress.kubernetes.io/<annotation>) are not supported for the Ingress controller or the Ingress resource in Red Hat OpenShift version 4.