Allow adding pod/node affinity #52

Open
adyanth opened this issue Mar 28, 2022 · 5 comments · May be fixed by #73
Labels: enhancement (New feature or request), roadmap (Roadmap Item)

Comments

Owner

adyanth commented Mar 28, 2022

It would be good to have pod/node affinity rules to schedule the replicas on nodes that might be a part of different availability zones or other such use cases.

adyanth added the enhancement and roadmap labels Mar 28, 2022
Owner Author

adyanth commented Mar 28, 2022

To expand this issue's scope, allow modifying any (?) pod spec content?

Owner Author

adyanth commented Mar 28, 2022

Something like this could be useful to run the pods on nodes with a different ISP providing internet. This assumes that all nodes have a label called isp whose value is the name of the ISP.

    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: cfargotunnel.com/cluster-tunnel
                  operator: In
                  values:
                  - tunnel-name
              topologyKey: isp
            weight: 100


spookyuser commented Nov 14, 2022

Omg this would be amazing!

My pods are super unhappy with me when the same IP is directed to different pods during the same session. Do you think I could set up nginx with session affinity and then put the Cloudflare operator on the nginx service?

I don't know why but I'm feeling super committed to not opening any ports on my k8s cluster now that cloudflared exists, even though I guess the easier solution is just using nginx with Cloudflare as a non-tunneled proxy

Owner Author

adyanth commented Nov 14, 2022

Two things. This feature would not help you achieve stickiness for client traffic; this is more for cloudflared outbound traffic itself. Second, since all requests originated from cloudflared, with the only notion of the end user in the CF-Connecting-IP header.

You would need to run a reverse proxy (like nginx) with HTTP stickiness. Using a headless service would work, but you would not get stickiness per user, but rather stickiness per cloudflared replica that is running.
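
One way to configure the nginx stickiness described in the comment above, keyed on the CF-Connecting-IP header (an added example, not part of the thread or the project's code; the upstream name, hostnames and ports are hypothetical):

```nginx
# Added example. Upstream name, hostnames and ports are hypothetical.
events {}

http {
    upstream app_backends {
        # Weak setting: ip_hash keys on the TCP peer address. Behind the
        # tunnel that peer is a cloudflared pod, so traffic is pinned per
        # cloudflared replica, not per end user. For IPv4, ip_hash also uses
        # only the first three octets, so replicas in one /24 hash alike.
        # ip_hash;

        # Per-user stickiness: consistent hash on the header that carries
        # the end user's address.
        hash $http_cf_connecting_ip consistent;

        # Assumed: stable per-pod DNS names from a StatefulSet behind a
        # headless Service.
        server app-0.app-headless.default.svc.cluster.local:8080;
        server app-1.app-headless.default.svc.cluster.local:8080;
    }

    server {
        listen 8080;

        location / {
            proxy_pass http://app_backends;
            proxy_set_header Host $host;
        }
    }
}
```

The header value is only trustworthy while nginx is reachable solely through the tunnel; a client that can reach nginx directly can set CF-Connecting-IP itself and so choose its backend.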

@spookyuser

Oh thanks for the clarification, that makes sense!
