cloudflare-operator
Allow adding pod/node affinity
It would be good to have pod/node affinity rules to schedule the replicas on nodes that might be a part of different availability zones or other such use cases.
To expand this issue's scope, allow modifying any (?) pod spec content?
Something like this could be useful to run the pods on nodes with a different ISP providing internet. This assumes that all nodes have a label called isp whose value is the name of the ISP.
```yaml
spec:
  affinity:
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: cfargotunnel.com/cluster-tunnel
                  operator: In
                  values:
                    - tunnel-name
            topologyKey: isp
          weight: 100
```
Omg this would be amazing!
My pods are super unhappy with me when the same IP is directed to different pods during the same session. Do you think I could set up nginx with session affinity and then put the cloudflare operator on the nginx service?
I don't know why but I'm feeling super committed to not opening any ports on my k8s cluster now that cloudflared exists, even though I guess the easier solution is just using nginx with cloudflare as a non-tunneled proxy.
Two things. First, this feature would not help you achieve stickiness for client traffic; this is more for cloudflared outbound traffic itself. Second, since all requests originated from cloudflared, with the only notion of the end user in the CF-Connecting-IP header, you would need to run a reverse proxy (like nginx) with HTTP stickiness. Using a headless service would work, but you would not get stickiness per user, but rather stickiness per cloudflared replica that is running.
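The reverse-proxy setup described in the reply above, sketched as an added example that is not part of the original thread or the operator's own configuration. The upstream name, the pod hostnames behind a headless service, and port 8080 are assumptions.

```nginx
# Added example: per-user stickiness behind cloudflared.
# Assumed names: app_backends, app-N.app-headless.default.svc.cluster.local, port 8080.
events {}

http {
    upstream app_backends {
        # Ineffective behind the tunnel: ip_hash keys on the TCP peer address,
        # which is a cloudflared pod, so stickiness would be per cloudflared
        # replica rather than per end user.
        # ip_hash;

        # Key on the end-user address that Cloudflare reports in the
        # CF-Connecting-IP request header instead.
        hash $http_cf_connecting_ip consistent;

        # Assumed StatefulSet pods addressed through a headless service.
        server app-0.app-headless.default.svc.cluster.local:8080;
        server app-1.app-headless.default.svc.cluster.local:8080;
    }

    server {
        # Expose this listener only as a ClusterIP service that the tunnel
        # targets. If clients could reach it without passing through
        # cloudflared, they could set CF-Connecting-IP themselves and
        # choose which backend they land on.
        listen 8080;

        location / {
            proxy_pass http://app_backends;
            proxy_set_header Host $host;
            # Request headers, including CF-Connecting-IP, are forwarded to
            # the backend unchanged by default.
        }
    }
}
```

Upstream hostnames are resolved when nginx loads its configuration, so the backend pods need stable DNS names for this to hold across restarts.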
Oh thanks for the clarification, that makes sense!