Set `ipMode: Proxy` for LoadBalancer services with proxy mode enabled

[sgielen]

In 2020, Scaleway proposed KEP-1860, a way to inform Kubernetes whether a load balancer is transparent or not. This can be used if the load balancer applies things like TLS termination or the proxy protocol. If this is the case, any connections from inside the cluster must go to the external load balancer before going back into the cluster. Otherwise, the connections inside the cluster will remain wrapped in TLS while the application expects plaintext, or will not be wrapped in the proxy protocol, while the application expects so.

Since v1.30 this KEP is in beta, i.e. default enabled. This is also the case on Scaleway clusters. This can be observed, because the LoadBalancer Services have their ipMode set to the default:

status:
  loadBalancer:
    ingress:
    - ip: 51.<snip>
      ipMode: VIP

However, the next step is to set the ipMode to Proxy properly, if the external LoadBalancer must be used even for traffic inside the cluster. This is the case, for example, if the service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2 annotation is set (there may be other annotations as well).

[sgielen]

@Tomy2e apologies for the random highlight but I see you're the last person working on this project.

I've just set up a new k8s 1.32 cluster on Scaleway and I see that this is not fixed yet within the CCM, even though the KEP to fix it was proposed by Scaleway itself (@Sh4d1) and is now stable on kubernetes 1.32.

Do you think this could be addressed? I could do a patch for it, but it's difficult for me to test since the CCM is auto-deployed by Scaleway so I don't think I can run a patched version myself? Would it be possible for me to run my own CCM somehow, so I can test this and provide a PR for it?

[Tomy2e]

Hello, I just merged PR #185 which implements this feature, sorry for the long response time.

This patch will be included in version 0.33.0 of the CCM, which will soon be deployed on our managed Kubernetes products (Kapsule / Kosmos).

Thank you for your patience and proposition of contribution. Next time, if you wish to contribute a patch to the CCM, you can deploy a Kubernetes cluster on Scaleway using a "self-managed" solution such as Cluster API, kOps, or kubeadm / k3s and run the CCM locally, against this cluster.