diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11de54744..e4b3ed98f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,11 @@
## Unreleased
+### Added
+
+- Add `ExternalTrafficPolicy` to `DataPlane`'s `ServiceOptions`
+ [#241](https://github.com/Kong/gateway-operator/pull/241)
+
### Breaking Changes
- Changes project layout to match `kubebuilder` `v4`. Some import paths (due to dir renames) have changed
diff --git a/api/v1beta1/dataplane_types.go b/api/v1beta1/dataplane_types.go
index 419e51ec6..f0922b6f6 100644
--- a/api/v1beta1/dataplane_types.go
+++ b/api/v1beta1/dataplane_types.go
@@ -172,6 +172,27 @@ type ServiceOptions struct {
//
// +optional
Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`
+
+ // ExternalTrafficPolicy describes how nodes distribute service traffic they
+ // receive on one of the Service's "externally-facing" addresses (NodePorts,
+ // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ // the service in a way that assumes that external load balancers will take care
+ // of balancing the service traffic between nodes, and so each node will deliver
+ // traffic only to the node-local endpoints of the service, without masquerading
+ // the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ // be dropped.) The default value, "Cluster", uses the standard behavior of
+ // routing to all endpoints evenly (possibly modified by topology and other
+ // features). Note that traffic sent to an External IP or LoadBalancer IP from
+ // within the cluster will always get "Cluster" semantics, but clients sending to
+ // a NodePort from within the cluster may need to take traffic policy into account
+ // when picking a node.
+ //
+ // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ //
+ // +optional
+ // +kubebuilder:default=Cluster
+ // +kubebuilder:validation:Enum=Cluster;Local
+ ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty"`
}
// DataPlaneStatus defines the observed state of DataPlane
diff --git a/config/crd/bases/gateway-operator.konghq.com_dataplanes.yaml b/config/crd/bases/gateway-operator.konghq.com_dataplanes.yaml
index b04b98798..06379224d 100644
--- a/config/crd/bases/gateway-operator.konghq.com_dataplanes.yaml
+++ b/config/crd/bases/gateway-operator.konghq.com_dataplanes.yaml
@@ -8397,6 +8397,29 @@ spec:
More info: http://kubernetes.io/docs/user-guide/annotations
type: object
+ externalTrafficPolicy:
+ default: Cluster
+ description: |-
+ ExternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+
+
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ enum:
+ - Cluster
+ - Local
+ type: string
ports:
description: |-
Ports defines the list of ports that are exposed by the service.
diff --git a/config/crd/bases/gateway-operator.konghq.com_gatewayconfigurations.yaml b/config/crd/bases/gateway-operator.konghq.com_gatewayconfigurations.yaml
index 5ffbd9e80..a18c2fecd 100644
--- a/config/crd/bases/gateway-operator.konghq.com_gatewayconfigurations.yaml
+++ b/config/crd/bases/gateway-operator.konghq.com_gatewayconfigurations.yaml
@@ -16254,6 +16254,29 @@ spec:
More info: http://kubernetes.io/docs/user-guide/annotations
type: object
+ externalTrafficPolicy:
+ default: Cluster
+ description: |-
+ ExternalTrafficPolicy describes how nodes distribute service traffic they
+ receive on one of the Service's "externally-facing" addresses (NodePorts,
+ ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
+ the service in a way that assumes that external load balancers will take care
+ of balancing the service traffic between nodes, and so each node will deliver
+ traffic only to the node-local endpoints of the service, without masquerading
+ the client source IP. (Traffic mistakenly sent to a node with no endpoints will
+ be dropped.) The default value, "Cluster", uses the standard behavior of
+ routing to all endpoints evenly (possibly modified by topology and other
+ features). Note that traffic sent to an External IP or LoadBalancer IP from
+ within the cluster will always get "Cluster" semantics, but clients sending to
+ a NodePort from within the cluster may need to take traffic policy into account
+ when picking a node.
+
+
+ More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ enum:
+ - Cluster
+ - Local
+ type: string
type:
default: LoadBalancer
description: |-
diff --git a/docs/api-reference.md b/docs/api-reference.md
index f5286b41e..de3cc40b5 100644
--- a/docs/api-reference.md
+++ b/docs/api-reference.md
@@ -754,6 +754,7 @@ DataPlaneServiceOptions contains Services related DataPlane configuration.
| `ports` _[DataPlaneServicePort](#dataplaneserviceport) array_ | Ports defines the list of ports that are exposed by the service. The ports field allows defining the name, port and targetPort of the underlying service ports, while the protocol is defaulted to TCP, as it is the only protocol currently supported. |
| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ | Type determines how the Service is exposed. Defaults to `LoadBalancer`.
Valid options are `LoadBalancer` and `ClusterIP`.
`ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints.
`LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| `annotations` _object (keys:string, values:string)_ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations |
+| `externalTrafficPolicy` _[ServiceExternalTrafficPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#serviceexternaltrafficpolicy-v1-core)_ | ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
_Appears in:_
@@ -908,6 +909,7 @@ such as the annotations.
| --- | --- |
| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ | Type determines how the Service is exposed. Defaults to `LoadBalancer`.
Valid options are `LoadBalancer` and `ClusterIP`.
`ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints.
`LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| `annotations` _object (keys:string, values:string)_ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations |
+| `externalTrafficPolicy` _[ServiceExternalTrafficPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#serviceexternaltrafficpolicy-v1-core)_ | ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
_Appears in:_
@@ -1158,6 +1160,7 @@ such as the annotations.
| --- | --- |
| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ | Type determines how the Service is exposed. Defaults to `LoadBalancer`.
Valid options are `LoadBalancer` and `ClusterIP`.
`ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints.
`LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.
More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| `annotations` _object (keys:string, values:string)_ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations |
+| `externalTrafficPolicy` _[ServiceExternalTrafficPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#serviceexternaltrafficpolicy-v1-core)_ | ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
_Appears in:_