Description
When enabling the proxy protocol in a DO load balancer, it breaks requests to hosts that point at the load balancer when those requests originate from within the cluster. The reason for this is that Kubernetes routes these requests directly inside the cluster, bypassing the load balancer. When the proxy protocol is enabled, the requests then end up as raw HTTPS at the Ingress, but the Ingress is expecting the proxy protocol.
This issue is described in the readme as well:
https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/examples/README.md#accessing-pods-over-a-managed-load-balancer-from-inside-the-cluster
The existing workaround requires modifying the applications running within the cluster to talk to a different hostname. This is not always viable.
Since Kubernetes 1.32, controllers can set the "ipMode" for a load balancer, allowing this behavior to be configured. If it is set to "Proxy", then the load balancer is not bypassed for traffic from within the cluster. The relevant documentation is here:
https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-ip-mode
My understanding is that for this to be used on DO, a new annotation (akin to service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol, etc.) would need to be implemented in the DO Cloud Controller Manager to let users control this behavior.
For example:
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    # existing annotation
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "false"
    # proposed annotation, not yet implemented in the DO CCM
    service.beta.kubernetes.io/do-loadbalancer-ip-mode: "Proxy" # <<- HERE
spec:
  type: LoadBalancer
```
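To make the failure mode in the description concrete, here is an added example (not code from the issue author or from the digitalocean-cloud-controller-manager project) showing what an Ingress that expects the PROXY protocol sees on a connection. It parses the PROXY protocol v1 text header as published in HAProxy's spec and rejects a stream that starts with a raw TLS record instead, which is exactly what an in-cluster client that bypasses the load balancer sends. The sample bytes, addresses and ports are constructed for the example; `classify_stream` is a helper name chosen here, not a real API.

```python
"""PROXY protocol v1 header check, as seen from the Ingress side.

Constructed example: not code from the issue author or from the DigitalOcean
cloud-controller-manager. Header grammar follows the published PROXY protocol
spec (v1 text header, max 107 bytes incl. CRLF; v2 binary signature).
"""
import ipaddress

V1_PREFIX = b"PROXY "
V1_MAX_LEN = 107
V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"


class ProxyHeaderError(ValueError):
    """Raised when the stream does not begin with a usable PROXY v1 header."""


def parse_proxy_v1(data: bytes):
    """Parse a PROXY v1 header at the start of a TCP stream.

    Returns (info, payload) where payload is everything after the CRLF.
    Raises ProxyHeaderError otherwise, which is what an Ingress expecting the
    proxy protocol does when a client bypasses the load balancer and sends
    raw TLS instead.
    """
    if data.startswith(V2_SIGNATURE):
        raise ProxyHeaderError("proxy-v2: binary v2 header present, v1 parser cannot use it")
    if not data.startswith(V1_PREFIX):
        # TLS records start with content type 0x16 (handshake) and version 0x03xx.
        if data[:1] == b"\x16" and data[1:2] == b"\x03":
            raise ProxyHeaderError("raw-tls: stream starts with a TLS record, no PROXY header")
        raise ProxyHeaderError("no-proxy-header: stream does not start with 'PROXY '")
    end = data.find(b"\r\n")
    if end == -1 or end + 2 > V1_MAX_LEN:
        raise ProxyHeaderError("malformed: v1 header missing CRLF or longer than 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("malformed: non-ASCII byte in v1 header") from exc
    payload = data[end + 2:]
    if len(fields) >= 2 and fields[1] == "UNKNOWN":
        # The spec allows "PROXY UNKNOWN ..." when the proxy cannot describe the client.
        return {"family": "UNKNOWN"}, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("malformed: expected 'PROXY TCP4|TCP6 src dst sport dport'")
    _, family, src, dst, sport, dport = fields
    want_version = 4 if family == "TCP4" else 6
    try:
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
    except ValueError as exc:
        raise ProxyHeaderError("malformed: bad IP address in v1 header") from exc
    if src_ip.version != want_version or dst_ip.version != want_version:
        raise ProxyHeaderError("malformed: address family does not match %s" % family)
    if not (sport.isdigit() and dport.isdigit()):
        raise ProxyHeaderError("malformed: ports must be decimal")
    sport_i, dport_i = int(sport), int(dport)
    if not (0 <= sport_i <= 65535 and 0 <= dport_i <= 65535):
        raise ProxyHeaderError("malformed: port out of range")
    return {"family": family, "src": str(src_ip), "dst": str(dst_ip),
            "src_port": sport_i, "dst_port": dport_i}, payload


def classify_stream(data: bytes) -> str:
    """Label the first bytes of a connection (helper name chosen for this example)."""
    try:
        parse_proxy_v1(data)
        return "proxy-v1"
    except ProxyHeaderError as exc:
        return str(exc).split(":", 1)[0]


# Constructed sample bytes (not captured traffic): a TLS 1.x record header
# followed by the start of a ClientHello, and the same bytes prefixed with the
# header a proxy-protocol-enabled load balancer would prepend.
RAW_TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + b"\x00" * 32
PROXIED_CLIENT_HELLO = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n" + RAW_TLS_CLIENT_HELLO

if __name__ == "__main__":
    for name, stream in (("via load balancer", PROXIED_CLIENT_HELLO),
                         ("bypassing load balancer", RAW_TLS_CLIENT_HELLO)):
        print(f"{name}: {classify_stream(stream)}")
```

Run it and the in-cluster path is labelled `raw-tls`: the bytes are a perfectly good TLS ClientHello, but an Ingress configured for the proxy protocol has no way to accept them, which is why setting `ipMode` to `Proxy` (so in-cluster traffic really goes through the load balancer and picks up the header) is the fix the description asks for rather than changing the applications.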