Can one of the admins verify that this patch is reasonable to test? (reply "ok to test", or if you trust the user, reply "add to whitelist")

If this message is too spammy, please complain to ixdy.

So the GCE load balancer preserves the target IP, so we rely on that source IP to identify load-balanced traffic. The AWS load balancer (ELB) does not preserve the target IP, so we have to use NodePort.

How does load-balanced traffic on OpenStack present itself? Is the target IP once it hits the node the external IP of the load-balancer, or is it the IP of the node? And which OpenStack setup are you running here - I think I would enjoy bringing up a commonly-used OpenStack configuration and giving Kubernetes a try there!

Your patch looks right, but I want to be sure that e.g. we're not breaking another OpenStack configuration here.

I think @anguslees wrote the original code so may be able to comment here also.

Ah I see; I'm running Kubernetes on CoreOS with flannel (on OpenStack, of course).

It's hard to tell if the target is preserved as the members fail to actually initialize - they fail to get a connection and will hang in an Initializing state.

There's also no configuration for the real target IP so health monitors (e.g. TCP) will also fail.

Huh, it seems k8s networking has changed quite a bit since I wrote this code...
Yes, this looks like the correct change from the k8s NodePort docs I've just read.

@justinsb: OpenStack loadbalancers are mostly like AWS's. The destination IP on the packet that gets sent to the LB backend will be the IP of that node (aka LB pool member - the addr+port given in the Create() call being modified in this change).

needs rebase and an owner; @brendandburns as temp

edit: merge → rebase

Rebased

Blind LGTM, since I don't really know OpenStack...