Assuming I need the original source IP of clients outside the cluster to be seen by the Pod application, and that I will tolerate the application only being reachable on the Nodes where the Pods are scheduled, what are the fundamental differences between the two approaches?
For clarity, the first approach is a Deployment where the Pod template contains a container with a HostPort, e.g. TCP port 32222. There is no Service in this scenario.
The second approach, would be a very similar Deployment but the container does not have a HostPort. Instead there is a Service which selects the Pods from this Deployment and has
externalTrafficPolicy: Local, and
So far, the only difference I can think of is that the HostPort solution would limit the Pod replica count to be at most the number of available Nodes. I.e. two replicas of this Pod could not share a single Node, but the NodePort Service solution would allow multiple replicas of the Pod on one Node.
What other differences have I missed?
Is there another approach that doesn’t assume any particular Kubernetes cloud provider, and doesn’t assume a particular protocol (e.g. HTTP X-Forwarded-For, PROXY protocol)?