Preserve client IP with Ingress Controller
1,757 views
Skip to first unread message
bg
Jan 10, 2018, 4:55:00 PM1/10/18
to Kubernetes user discussion and Q&A
I have this set up
Load Balancer > Ingress Controller (nginx) -> Service -> Deployment (nginx).
The nginx deployment is logging `$remote_addr`and `$http_x_forwarded_for`, but both seem to be internal ip address. Any ideas on how I can preserve the client's IP?
I set the LoadBalancer's externalTrafficPolicy to Local like this:
kubectl patch svc api-lb -p '{"spec":{"externalTrafficPolicy":"Local"}}'
and verified that by running `kubectl describe svc api-lb` and saw this:
External Traffic Policy: Local
Thanks in advance!
John Belamaric
Jan 10, 2018, 5:10:08 PM1/10/18
to kubernet...@googlegroups.com
Your load balancer needs to support the proxy protocol:
John
--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
bg
Jan 10, 2018, 5:18:28 PM1/10/18
to Kubernetes user discussion and Q&A
Thanks! Re: Step 2:
In the set_real_ip_from directive, specify the IP address or the CIDR range of addresses of the TCP proxy or load balancer:
Would that be the external or the cluster ip of my load balancer? And how I dow I determine the CIDR block? (Sorry, this is new to me).
On Wednesday, January 10, 2018 at 5:10:08 PM UTC-5, John Belamaric wrote:
> Your load balancer needs to support the proxy protocol:
>
>
>
>
>
> https://www.nginx.com/resources/admin-guide/proxy-protocol/
>
>
>
>
>
> John
>
>
>
>
>
>
> On Jan 10, 2018, at 1:55 PM, bg <griff...@gmail.com> wrote:
>
>
>
>
>
> I have this set up
>
>
>
> Load Balancer > Ingress Controller (nginx) -> Service -> Deployment (nginx).
>
>
>
> The nginx deployment is logging `$remote_addr`and `$http_x_forwarded_for`, but both seem to be internal ip address. Any ideas on how I can preserve the client's IP?
>
>
>
> I set the LoadBalancer's externalTrafficPolicy to Local like this:
>
>
>
> kubectl patch svc api-lb -p '{"spec":{"externalTrafficPolicy":"Local"}}'
>
>
>
> and verified that by running `kubectl describe svc api-lb` and saw this:
>
>
>
> External Traffic Policy: Local
>
>
>
> Thanks in advance!
>
>
>
> --
>
> You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
>
> To unsubscribe from this group and stop receiving emails from it, send an email to
> kubernetes-use...@googlegroups.com.
>
> To post to this group, send email to
> kuberne...@googlegroups.com.
In the set_real_ip_from directive, specify the IP address or the CIDR range of addresses of the TCP proxy or load balancer:
Would that be the external or the cluster ip of my load balancer? And how I dow I determine the CIDR block? (Sorry, this is new to me).
On Wednesday, January 10, 2018 at 5:10:08 PM UTC-5, John Belamaric wrote:
> Your load balancer needs to support the proxy protocol:
>
>
>
>
>
> https://www.nginx.com/resources/admin-guide/proxy-protocol/
>
>
>
>
>
> John
>
>
>
>
>
>
> On Jan 10, 2018, at 1:55 PM, bg <griff...@gmail.com> wrote:
>
>
>
>
>
> I have this set up
>
>
>
> Load Balancer > Ingress Controller (nginx) -> Service -> Deployment (nginx).
>
>
>
> The nginx deployment is logging `$remote_addr`and `$http_x_forwarded_for`, but both seem to be internal ip address. Any ideas on how I can preserve the client's IP?
>
>
>
> I set the LoadBalancer's externalTrafficPolicy to Local like this:
>
>
>
> kubectl patch svc api-lb -p '{"spec":{"externalTrafficPolicy":"Local"}}'
>
>
>
> and verified that by running `kubectl describe svc api-lb` and saw this:
>
>
>
> External Traffic Policy: Local
>
>
>
> Thanks in advance!
>
>
>
> --
>
> You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
>
> To unsubscribe from this group and stop receiving emails from it, send an email to
> kubernetes-use...@googlegroups.com.
>
> To post to this group, send email to
John Belamaric
Jan 10, 2018, 5:52:29 PM1/10/18
to kubernet...@googlegroups.com
Sorry, you don’t need to manually do that. I should have sent you to this page instead:
John
To post to this group, send email to kubernet...@googlegroups.com.
John Belamaric
Jan 10, 2018, 5:53:12 PM1/10/18
to kubernet...@googlegroups.com
But you need your LB to use it too, or requests will fail. So it depends on what load balancer you are using.
Reply all
Reply to author
Forward
0 new messages