nginx ingress on Kubernetes sees node IP address instead of the public internet resource requestor

Time:05-10

I have a Kubernetes cluster and an nginx ingress. I have deployed an ingress to route traffic from a domain example.org to a specific container. Now, I am trying to block all requests which are not coming from a whitelisted IP range. Therefore I annotated the created ingress with nginx.ingress.kubernetes.io/whitelist-source-range. However, all traffic gets blocked, so I looked at the logs from nginx and realized that nginx actually sees the internal node IP address instead of the requestor's public internet address.

2022/05/06 11:39:26 [error] 10719#10719: *44013470 access forbidden by rule, client: 172.5.5.84, server: example.org, request: "GET /.svn/wc.db HTTP/1.1", host: "example.org"

I am not sure what is actually wrong. When I remove the whitelist annotation, then everything works as expected.

CodePudding user response:

Okay, so this documentation fixed the issue: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip

I had to change externalTrafficPolicy: Cluster to externalTrafficPolicy: Local
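
The change described in the answer, shown as an added example that is not part of the original post: the controller's LoadBalancer Service with the source-IP-hiding setting next to the corrected one, followed by the Ingress carrying the whitelist annotation. The Service name, namespace, selector label, named ports, ingress class, Ingress name, backend name and CIDR are assumptions or constructed values.

```yaml
# Added example. Names, namespace, labels and the CIDR are assumptions,
# not values taken from the post.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller        # assumed name of the controller Service
  namespace: ingress-nginx              # assumed namespace
spec:
  type: LoadBalancer
  # Cluster (the default): a node may forward the connection to a pod on
  # another node and rewrites the source address on the way, so nginx logs a
  # node address such as 172.5.5.84 and the whitelist never matches.
  # externalTrafficPolicy: Cluster
  # Local: traffic is handed only to controller pods on the node that
  # received it, without source NAT, so the client address is preserved.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx   # assumed pod label
  ports:
    - name: http
      port: 80
      targetPort: http                  # assumed named container port
    - name: https
      port: 443
      targetPort: https                 # assumed named container port
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-org                     # hypothetical name
  annotations:
    # Constructed CIDR (documentation range); use the real allowed range.
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24"
spec:
  ingressClassName: nginx               # assumed ingress class
  rules:
    - host: example.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app       # hypothetical backend Service
                port:
                  number: 80
```

With externalTrafficPolicy: Local, nodes that run no controller pod do not serve the Service's traffic, so load can be spread unevenly across nodes. After applying it, the client field in the nginx log should show the requestor's public address rather than a node address.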
