Proxy-protocol is not actually supported on GKE using the default LoadBalancer service.

[mzglinski]

What happened

The ingress-nginx deployment documentation for GKE (https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke) states that "Proxy-protocol is supported in GCE check the Official Documentations on how to enable.". When you check the GCE documentation and try to follow the instructions, you will realize that enabling Proxy protocol on an existing Passthrough load balancer is impossible, which is the type of LB created by default.
However, when checking the GKE LoadBalancer Service parameters documentation (https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer-parameters), there is no annotation available to enable proxy protocol for the default LoadBalancer service.

This creates confusion for users trying to enable proxy protocol on GKE, as the documentation suggests it's supported but provides no clear way to enable it.

What you expected to happen

The documentation should either:

1. Clearly specify how to enable proxy protocol on GKE (if it is actually supported)
2. Remove or correct the statement about proxy protocol support if it's not actually supported
3. Clarify if there are specific requirements or limitations for proxy protocol support on GKE

How to reproduce

1. Deploy ingress-nginx on GKE using the documented method
2. Try to enable proxy protocol by following the official documentation on the created passthrough load balancer
3. Discover that it's not possible to modify an existing load balancer

Environment

• Kubernetes version: 1.31.5-gke.1023000 (GKE)
• Ingress-NGINX version: v4.12.0
• Cloud provider: Google Kubernetes Engine (GKE)

/kind documentation
/remove-kind feature

[longwuyuan]

We don't test on GKE. Somone can potentially create GKE cluster and reproduce but it costs money and time. Have you found the right way to enable proxy-protocol already and are just reporting this as a docs error ? Or you have not been able to enable proxy protocol on GCP LB ?

[longwuyuan]

https://cloud.google.com/load-balancing/docs/tcp/setting-up-tcp#proxy-protocol

[mzglinski]

I'm reporting this as a docs error, to the best of my knowledge, a way to achieve this would involve

• configuring ingress service with a Cluster type, and setting up a NEG for it
• creating proxy load balancer service manually (via Web UI, gcloud or terraform)

Probably something else, after realizing that, I did not follow that route, my goal was to switch to proxy protocol to retain real IP addresses, but in the end, I decided that the added complexity is not worth it, when the alternative exists (using DaemonSet and setting externalTrafficPolicy: Local).

[longwuyuan]

I am not convinced until I get reliable data. I think the effort is limited to editing the LB created by the ingress-controller install. But it will be a while before I can test.

@Gacko will comment if he already knows more details about this.

[mzglinski]

That is the issue here, you do not have that option for LB created by the ingress-controller install. These screenshots are from my project

[strongjz]

@mzglinski We do not test configurations against clouds regularly in our CI; it is only with kind; docs go out of date as providers update services; it may have worked at one time. Please don't hesitate to update the documentation to reflect a known working status.

[strongjz]

/priority backlog
/triage accepted