Home > Blockchain >  NGINX Ingress Controller's Load Balancer is hiding the real client IP
NGINX Ingress Controller's Load Balancer is hiding the real client IP

Time:12-16

Setup

I'm playing around with K8s and I set up a small, single-node, bare metal cluster. For this cluster I pulled the NGINX Ingress Controller config Cluster setup

BUT...

My app is not getting the original IP from the client. All client requests end up as coming from 10.42.0.99... here's the controller config from describe:

Ingress Controller config

Debugging

I tried like 50 solutions that were proposed online, none of them worked (ConfigMaps, annotations, proxy mode, etc). And I debugged in-depth, there's no X-Forwarder-For or any similar header in the request that reaches the pod. Previously I tested the same app on apache directly, and also in a docker setup, it works without any issues.

It's also worth mentioning that I looked into the ingress controller's pod and I already saw the same internal IP in there. I don't know how to debug the controller's pod further.

Happy to share more information and config if it helps.

CodePudding user response:

Make sure your Nginx ingress configmap have enabled user IP real-ip-header: proxy_protocol try updating this line into configmap.

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  compute-full-forwarded-for: "true"
  use-forwarded-headers: "false"
  real-ip-header: proxy_protocol

still if that not work you can just inject this config as annotation your ingress configuration and test once.

nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Forwarded-For $http_x_forwarded_for";

CodePudding user response:

add this in ingress controller service externalTrafficPolicy: Local

  service:
    externalTrafficPolicy: Local

  • Related