I have created an Nginx pod with a LoadBalancer service in GKE. When it receives requests from an external user, the Nginx log shows the request as received from an internal IP (and this is happening randomly).
Sample Request
"@timestamp": "03/Sep/2022:16:25:38 0530", "@fields": { "remote_addr": "10.160.0.30", "remote_user": "-", "body_bytes_sent": "3767", "gzip_ratio": "3.52","request_time": "0.113", "connection_requests": "7","status": "200", "request": "GET /admin HTTP/2.0", "request_method": "GET"
YAML files
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: image_name
        ports:
        - containerPort: 80
        - containerPort: 443
        resources:
          requests:
            cpu: 2000m
            memory: 2Gi
          limits:
            cpu: 2000m
            memory: 2Gi
==========
apiVersion: v1
kind: Service
metadata:
  name: dev-nginx-lb-service
spec:
  loadBalancerIP: IP_address
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
CodePudding user response:
Not sure why it would be random. By default, GKE nodes perform SNAT on packets received via load balancing. If you want to pass the client address directly to the backend pods, you can set externalTrafficPolicy: Local in your Service spec:
apiVersion: v1
kind: Service
metadata:
  name: dev-nginx-lb-service
spec:
  loadBalancerIP: IP_address
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app: nginx
  ports:
  - name: https
    protocol: TCP
    port: 443
    targetPort: 443
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
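
An added example, not part of the original question or answer: a Python check that counts how many Nginx log entries carry an internal source address, so the effect of externalTrafficPolicy: Local can be confirmed by running it on logs from before and after the change. The log lines are constructed in the JSON shape of the sample request above, and treating the RFC 1918 ranges as "internal" is an assumption about the cluster's addressing.

```python
import ipaddress
import json
from collections import Counter

# Assumption: node and pod addresses fall inside the RFC 1918 ranges.
# Seeing one of them as remote_addr means SNAT replaced the client address,
# so IP-based allow lists, rate limits and audit trails see the wrong source.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (public addresses are documentation ranges).
SAMPLE_LOG = [
    '{"@timestamp": "03/Sep/2022:16:25:38 +0530", "@fields": {"remote_addr": "10.160.0.30", "status": "200", "request": "GET /admin HTTP/2.0"}}',
    '{"@timestamp": "03/Sep/2022:16:25:39 +0530", "@fields": {"remote_addr": "203.0.113.7", "status": "200", "request": "GET / HTTP/2.0"}}',
    '{"@timestamp": "03/Sep/2022:16:25:40 +0530", "@fields": {"remote_addr": "10.160.0.30", "status": "200", "request": "GET /admin HTTP/2.0"}}',
    '{"@timestamp": "03/Sep/2022:16:25:41 +0530", "@fields": {"remote_addr": "198.51.100.23", "status": "404", "request": "GET /x HTTP/2.0"}}',
    '{"@timestamp": "03/Sep/2022:16:25:42 +0530", "@fields": {"remote_addr": "10.160.0.31", "status": "200", "request": "GET / HTTP/2.0"}}',
    '{"@timestamp": "03/Sep/2022:16:25:43 +0530", "@fields": {"remote_addr": ',  # truncated line
]

def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)

def audit(lines):
    """Count parsed entries and those whose source address is internal."""
    total = skipped = 0
    masked = Counter()
    for line in lines:
        try:
            addr = json.loads(line)["@fields"]["remote_addr"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed or truncated entry; do not guess
            continue
        total += 1
        if is_internal(addr):
            masked[addr] += 1
    return {"total": total, "masked": sum(masked.values()),
            "by_source": dict(masked), "skipped": skipped}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A "masked" count that drops to zero after the Service change indicates Nginx is now logging the real client address.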