GCP K8s native ingress preserve client IP

7/15/2020

Given a K8s cluster on GCP with a service configured with:

externalTrafficPolicy: Local

and the pod behind the service being an Nginx container.

How can I get the client source IP?

The current issue I don't get client real IP, I get k8s cluster node kind of IP

-- bitgandtter
google-kubernetes-engine
kubernetes
kubernetes-ingress

2 Answers

7/16/2020

The load balancer will include its own IP on the X-Forwarded-For header so we need to trust those IPs as well as the nodes IP so Nginx can resolve the real one using http_real_ip_module

set_real_ip_from  x.x.x.x/32; // LB IP or CIDR
set_real_ip_from  x.x.x.x/16; // Nodes IP CIDR
real_ip_header  X-Forwarded-For;
real_ip_recursive on;
-- bitgandtter
Source: StackOverflow

7/16/2020

There a similar answer here. Make sure that your nginx has the following configuration in your server block:

proxy_set_header X-Real-IP $remote_addr;

If you are using an Nginx ingress controller it should be the default behavior.

-- Rico
Source: StackOverflow