From 5167cbc72b5a3e9bd73570adf8576f87a69efce3 Mon Sep 17 00:00:00 2001
From: "ryan-distrust.co"
Date: Thu, 12 Jun 2025 02:44:19 -0400
Subject: [PATCH] Revert "k/ingress-nginx: use PROXY protocol"

This reverts commit 5131134c1d1509d5179686f9694ecc588b97f070. Well, that was a rather disappointing result. Turns out, DigitalOcean adds PROXY lines to _all_ connections. I suppose that's to be expected. However, what wasn't expected, was that ingress-nginx would only be capable of handling them for HTTP/S traffic, and not TCP passthrough. For that reason, we actually can't enable PROXY without instead using a sidecar to eat the PROXY line.
---
 kustomizations/ingress-nginx/controller/resources.yaml | 2 --
 kustomizations/ingress-nginx/kustomization.yaml | 1 -
 2 files changed, 3 deletions(-)
diff --git a/kustomizations/ingress-nginx/controller/resources.yaml b/kustomizations/ingress-nginx/controller/resources.yaml
index f4e0a0a..63eff93 100644
--- a/kustomizations/ingress-nginx/controller/resources.yaml
+++ b/kustomizations/ingress-nginx/controller/resources.yaml
@@ -101,8 +101,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: ingress-nginx-controller
- annotations:
- service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
 spec:
 ports:
 - appProtocol: http
diff --git a/kustomizations/ingress-nginx/kustomization.yaml b/kustomizations/ingress-nginx/kustomization.yaml
index 58856ad..486bbe5 100644
--- a/kustomizations/ingress-nginx/kustomization.yaml
+++ b/kustomizations/ingress-nginx/kustomization.yaml
@@ -15,7 +15,6 @@ configMapGenerator:
 literals:
 - allow-snippet-annotations=true
 - annotations-risk-level=Critical
- use-proxy-protocol=true
 replacements:
 - source:
 kind: Certificate