You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
**Description:** Enables the [HAProxy Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) on a CloudStack load balancer. This annotation only applies to TCP service ports and requires CloudStack 4.6 or later.
85
+
86
+
**Use Case:** Use this annotation when you need to preserve the original client IP address through the load balancer. This is commonly required for ingress controllers like Traefik or Nginx that need to know the client's real IP address.
**Description:** Sets a hostname for the load balancer ingress instead of using the IP address. This is a workaround for [Kubernetes issue #66607](https://github.com/kubernetes/kubernetes/issues/66607).
110
+
111
+
**Use Case:** Use this annotation when you need the LoadBalancer status to return a hostname instead of an IP address. This is useful for DNS-based routing or when you want to expose a specific hostname.
**Description:** Specifies the source CIDR list for firewall rules on the CloudStack load balancer. This restricts which IP addresses can access the load balancer.
133
+
134
+
**Use Case:** Use this annotation to restrict access to your load balancer to specific IP ranges for security purposes. This is particularly useful for internal services or when you want to limit access to specific networks.
**Format:** Comma-separated list of CIDR ranges. Spaces around commas are automatically trimmed.
149
+
150
+
**CloudStack Version:** Updating CIDR lists on existing load balancer rules requires CloudStack 4.22 or later. Creating new load balancer rules with CIDR lists works on earlier versions.
151
+
152
+
**Note:** If the annotation is empty or not set, the default behavior is to allow all sources (`0.0.0.0/0`). An empty annotation value (`""`) will result in an empty CIDR list, effectively blocking all traffic.
153
+
74
154
### Node Labels
75
155
76
156
:warning: **The node name must match the host name, so the controller can fetch and assign metadata from CloudStack.**
@@ -87,13 +167,13 @@ Supported labels for Kubernetes versions up to 1.16 are:
87
167
* kubernetes.io/hostname (= the instance name)
88
168
* beta.kubernetes.io/instance-type (= the compute offering)
89
169
* failure-domain.beta.kubernetes.io/zone (= the zone)
90
-
* failure-domain.beta.kubernetes.io/region (also = the zone)
170
+
* failure-domain.beta.kubernetes.io/region (= region from config if defined, otherwise the zone)
91
171
92
172
Supported labels for Kubernetes versions 1.17 and later are:
93
173
* kubernetes.io/hostname (= the instance name)
94
174
* node.kubernetes.io/instance-type (= the compute offering)
95
175
* topology.kubernetes.io/zone (= the zone)
96
-
* topology.kubernetes.io/region (also = the zone)
176
+
* topology.kubernetes.io/region (= region from config if defined, otherwise the zone)
97
177
98
178
It is also possible to trigger this process manually by issuing the following command:
0 commit comments