Trying to figure out what the right settings are to have the client's real IP show up in our logs, and for session affinity to work.
I am not getting the client IPs in the logs now, and if I move from 1 pod to 2, I can no longer log in, etc. The nginx logs don't seem to have anything in them showing a problem.
Values.yml
controller:
  config:
    use-forwarded-headers: "true"
    use-proxy-protocol: "true"
    proxy-real-ip-cidr: "172.21.0.0/16"
  replicaCount: 2
  image:
    repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
    tag: "0.28.0"
  ingressClass: ingress-internal
  publishService:
    enabled: true
  service:
    externalTrafficPolicy: Local
    targetPorts:
      http: 80
      https: http
    loadBalancerSourceRanges: ["0.0.0.0/0"]
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:523447765480:certificate/3972f84d-c167-43da-a207-8be0b955df48"
      service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "Name=idaas2-ingress-internal,cluster=idaas2,Environment=prd,Project=idaas2,Customer=idauto"
      service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "True"
      service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
      service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: "sg-02ca93f2fe8cbc950"
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
Ingress Annotation
ingress:
  annotations:
    kubernetes.io/ingress.class: ingress-internal
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    monitor.stakater.com/enabled: "false"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;
      grpc_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;
I'm not even sure where to continue searching; I can provide any additional information required.