Kubernetes gives an internal source IP although externalTrafficPolicy is set to Local

10/15/2018

Our Kubernetes cluster includes an nginx load balancer that forwards the requests to other pods.

However, the nginx sees local source IPs and therefore cannot set the correct X-Real-IP header. I tried setting the externalTrafficPolicy value of nginx to "Local" but the IP does not change.

Section of the nginx service config:

"selector": {
  "app": "nginx-ingress",
  "component": "controller",
  "release": "loping-lambkin"
},
"clusterIP": "10.106.1.182",
"type": "LoadBalancer",
"sessionAffinity": "None",
"externalTrafficPolicy": "Local",
"healthCheckNodePort": 32718

Result:

GET / HTTP/1.1
Host: example.com:444
X-Request-ID: dd3310a96bf154d2ac38c8877dec312c
X-Real-IP: 10.39.0.0
X-Forwarded-For: 10.39.0.0

We use a bare metal cluster with metallb.

-- Johannes Mittendorfer
kubernetes
kubernetes-ingress
load-balancing
nginx-ingress
weave

2 Answers

11/19/2018

This appears to be a bug in the IPVS implementation for services of type LoadBalancer: https://github.com/google/metallb/issues/290

-- eknudtson
Source: StackOverflow

6/11/2019

I found out that weave needs to be configured using NO_MASQ_LOCAL=1 to respect the externalTrafficPolicy property.

-- Johannes Mittendorfer
Source: StackOverflow
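
Added example, not part of the original posts: a Python check that combines the service's externalTrafficPolicy with the headers the backend received, to tell whether the client address is still being masqueraded (which also breaks IP-based allowlists, rate limits and access logs). The 10.32.0.0/12 pod range is an assumption (Weave Net's default allocation range), and the function names are illustrative.

```python
import ipaddress
import json

# Assumption: Weave Net's default pod allocation range; change it if yours differs.
POD_CIDR = ipaddress.ip_network("10.32.0.0/12")

# Constructed inputs, taken from the question's service fragment and request dump.
SERVICE_SPEC = json.loads('{"type": "LoadBalancer", "externalTrafficPolicy": "Local"}')
REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: example.com:444\r\n"
    "X-Real-IP: 10.39.0.0\r\n"
    "X-Forwarded-For: 10.39.0.0\r\n\r\n"
)

def parse_headers(raw):
    """Return a dict of lower-cased header names to values from a raw request."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the request line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def client_ips(headers):
    """Collect candidate client addresses from X-Real-IP and X-Forwarded-For."""
    values = [headers.get("x-real-ip", "")]
    values += headers.get("x-forwarded-for", "").split(",")
    ips = []
    for v in values:
        try:
            ips.append(ipaddress.ip_address(v.strip()))
        except ValueError:
            continue                       # skip empty or malformed entries
    return ips

def diagnose(spec, raw_request, pod_cidr=POD_CIDR):
    """Classify whether the ingress saw the real client or a masqueraded address."""
    ips = client_ips(parse_headers(raw_request))
    if not ips:
        return "no-client-ip"
    if not all(ip in pod_cidr for ip in ips):
        return "preserved"
    if spec.get("externalTrafficPolicy") == "Local":
        return "snat-despite-local"        # policy is set, yet the source is still rewritten
    return "snat-policy-cluster"           # Cluster policy: source NAT is expected
```

`diagnose(SERVICE_SPEC, REQUEST)` returns `"snat-despite-local"` for the question's data, the case where the network layer (here Weave) rather than the service policy is rewriting the source address.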