nginx · j1m-ryan · Jan 5, 2024 · Jan 3, 2024 · Jan 3, 2024 · Jan 3, 2024
@@ -172,6 +172,7 @@ The table below summarizes the available annotations.
 |``nginx.com/health-checks-mandatory`` | N/A | Configures active health checks as mandatory. | ``False`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v3.4.0/examples/ingress-resources/health-checks). |
 |``nginx.com/health-checks-mandatory-queue`` | N/A | When active health checks are mandatory, creates a queue where incoming requests are temporarily stored while NGINX Plus is checking the health of the endpoints after a configuration reload. | ``0`` | [Support for Active Health Checks](https://github.com/nginxinc/kubernetes-ingress/tree/v3.4.0/examples/ingress-resources/health-checks). |
 |``nginx.com/slow-start`` | N/A | Sets the upstream server [slow-start period](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#server-slow-start). By default, slow-start is activated after a server becomes [available](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks) or [healthy](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#active-health-checks). To enable slow-start for newly-added servers, configure [mandatory active health checks](https://github.com/nginxinc/kubernetes-ingress/tree/v3.4.0/examples/ingress-resources/health-checks). | ``"0s"`` |  |
+|``nginx.org/use-cluster-ip`` | N/A | Enables using the Cluster IP and port of the service instead of the default behavior of using the IP and port of the pods. When this field is enabled, the fields that configure NGINX behavior related to multiple upstream servers (like ``lb-method`` and ``next-upstream``) will have no effect, as the Ingress Controller will configure NGINX with only one upstream server that will match the service Cluster IP.   | ``False`` |  |
 {{% /table %}}
 
 ### Snippets and Custom Templates

@@ -214,7 +214,7 @@ We can see in the above output that our curl request is sent and received by NGI
 
 By default, for NGINX Ingress Controller, we populate the upstream server addresses with the endpoint IPs of the pods.
 
-When using the new `use-cluster-ip` feature, we will no populate the upstream with the `service` IP address, instead of the endpoint IP addresses.
+When using the new `use-cluster-ip` feature, we will now populate the upstream with the `service` IP address, instead of the endpoint IP addresses.
 
 In the 1.11 release, NGINX Ingress controller will only send one host header, depending on how you configure Ingress. By default NGINX Ingress Controller will send `proxy_set_header $host`. If Ingress has been configured with `action.proxy.requestHeaders` this ensures that only one set of headers will be sent to the upstream server. In summary, by setting `action.proxy.requestHeaders` in the `VirtualServer` CRD, NGINX Ingress will only send the specified headers that have been defined.
 

@@ -55,7 +55,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: tea-svc
-  labels:
 spec:
   ports:
   - port: 80

@@ -13,6 +13,9 @@
 // PathRegexAnnotation is the annotation where the regex location (path) modifier is specified.
 const PathRegexAnnotation = "nginx.org/path-regex"
 
+// UseClusterIPAnnotation is the annotation where the use-cluster-ip boolean is specified.
+const UseClusterIPAnnotation = "nginx.org/use-cluster-ip"
+
 // AppProtectPolicyAnnotation is where the NGINX App Protect policy is specified
 const AppProtectPolicyAnnotation = "appprotect.f5.com/app-protect-policy"
 
@@ -37,6 +40,7 @@
 	"nginx.com/health-checks":                 true,
 	"nginx.com/health-checks-mandatory":       true,
 	"nginx.com/health-checks-mandatory-queue": true,
+	UseClusterIPAnnotation:                    true,
 }
 
 var minionBlacklist = map[string]bool{
@@ -401,6 +405,14 @@
 			glog.Errorf("Ingress %s/%s: Invalid value nginx.org/path-regex: got %q. Allowed values: 'case_sensitive', 'case_insensitive', 'exact'", ingEx.Ingress.GetNamespace(), ingEx.Ingress.GetName(), pathRegex)
 		}
 	}
+
+	if useClusterIP, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, UseClusterIPAnnotation, ingEx.Ingress); exists {
+		if err != nil {
+			glog.Error(err)
+		} else {
+			cfgParams.UseClusterIP = useClusterIP
+		}
+	}
 	return cfgParams
 }
 

@@ -83,6 +83,7 @@ type ConfigParams struct {
 	SlowStart                              string
 	SSLRedirect                            bool
 	UpstreamZoneSize                       string
+	UseClusterIP                           bool
 	VariablesHashBucketSize                uint64
 	VariablesHashMaxSize                   uint64
 

@@ -511,21 +511,33 @@
 			endps = []string{}
 		}
 
-		for _, endp := range endps {
+		if cfg.UseClusterIP {
 			upsServers = append(upsServers, version1.UpstreamServer{
-				Address:     endp,
+				Address:     fmt.Sprintf("%s:%d", backend.Service.Name, backend.Service.Port.Number),
 				MaxFails:    cfg.MaxFails,
 				MaxConns:    cfg.MaxConns,
 				FailTimeout: cfg.FailTimeout,
 				SlowStart:   cfg.SlowStart,
 				Resolve:     isExternalNameSvc,
 			})
-		}
-		if len(upsServers) > 0 {
-			sort.Slice(upsServers, func(i, j int) bool {
-				return upsServers[i].Address < upsServers[j].Address
-			})
 			ups.UpstreamServers = upsServers
+		} else {
+			for _, endp := range endps {
+				upsServers = append(upsServers, version1.UpstreamServer{
+					Address:     endp,
+					MaxFails:    cfg.MaxFails,
+					MaxConns:    cfg.MaxConns,
+					FailTimeout: cfg.FailTimeout,
+					SlowStart:   cfg.SlowStart,
+					Resolve:     isExternalNameSvc,
+				})
+			}
+			if len(upsServers) > 0 {
+				sort.Slice(upsServers, func(i, j int) bool {
+					return upsServers[i].Address < upsServers[j].Address
+				})
+				ups.UpstreamServers = upsServers
+			}
 		}
 	}