cmd/k8s-proxy: use L4 TCPForward instead of L7 HTTP proxy (#18179)

considerable latency was seen when using k8s-proxy with ProxyGroup in the kubernetes operator. Switching to L4 TCPForward solves this. Fixes tailscale#18171 Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk> Co-authored-by: chaosinthecrd <tom@tmlabs.co.uk>
2026-03-05 13:47:54 -05:00
parent 1b53c00f2b
commit 19e2c8c49f
3 changed files with 21 additions and 14 deletions
@@ -21,6 +21,7 @@ import (
 	"strings"
 	"time"

+	"github.com/pires/go-proxyproto"
 	"go.uber.org/zap"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apiserver/pkg/endpoints/request"
@@ -150,10 +151,18 @@ func (ap *APIServerProxy) Run(ctx context.Context) error {
 		}
 	} else {
 		var err error
-		proxyLn, err = net.Listen("tcp", "localhost:80")
+		baseLn, err := net.Listen("tcp", "localhost:80")
 		if err != nil {
 			return fmt.Errorf("could not listen on :80: %w", err)
 		}
+		proxyLn = &proxyproto.Listener{
+			Listener:          baseLn,
+			ReadHeaderTimeout: 10 * time.Second,
+			ConnPolicy: proxyproto.ConnPolicyFunc(func(opts proxyproto.ConnPolicyOptions) (proxyproto.Policy,
+				error) {
+				return proxyproto.REQUIRE, nil
+			}),
+		}
 		serve = ap.hs.Serve
 	}