Given a K8s cluster on GCP with a service configured with:
externalTrafficPolicy: Local
and the pod behind the service being an Nginx container.
How can I get the client source IP?
The current issue is that I don't get the client's real IP; I get what looks like a k8s cluster node IP.
The load balancer will include its own IP in the X-Forwarded-For header, so we need to trust those IPs as well as the nodes' IPs so that Nginx can resolve the real one using http_realip_module:
set_real_ip_from x.x.x.x/32; # LB IP or CIDR
set_real_ip_from x.x.x.x/16; # Nodes IP CIDR
real_ip_header X-Forwarded-For;
real_ip_recursive on;
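Added example, not part of the answer above: a small Python model of how the realip module picks the client address under these four directives, showing why both trusted ranges and `real_ip_recursive on` matter. The function name and all addresses are constructed for illustration (documentation ranges plus an assumed node CIDR); it models plain IP entries only.

```python
import ipaddress

# Constructed sample values standing in for the x.x.x.x entries above:
# the load balancer address and the cluster node CIDR.
TRUSTED = ["203.0.113.10/32", "10.128.0.0/16"]

def resolve_client_ip(peer, xff, trusted=TRUSTED, recursive=True):
    """Return the address nginx would expose as $remote_addr (simplified model)."""
    nets = [ipaddress.ip_network(c) for c in trusted]
    addr = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk the header right to left; a hop is believed only if the address
    # that reported it falls inside a set_real_ip_from range.
    for hop in reversed(hops):
        if not any(addr in n for n in nets):
            break                      # untrusted reporter: stop here
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                      # unparsable entry: keep current address
        if not recursive:
            break                      # real_ip_recursive off: last entry only
    return str(addr)

if __name__ == "__main__":
    node = "10.128.0.5"  # TCP peer as seen by the pod (constructed)
    # The leftmost entry was supplied by the client itself; the rest were appended upstream.
    hdr = "192.0.2.44, 198.51.100.7, 203.0.113.10"
    print(resolve_client_ip(node, hdr))                         # trusted LB + nodes
    print(resolve_client_ip(node, hdr, recursive=False))        # recursion off
    print(resolve_client_ip(node, hdr, trusted=["0.0.0.0/0"]))  # over-broad trust
```

With recursion off the result is the load balancer's own address, and with an over-broad `set_real_ip_from` range the client-supplied leftmost entry is accepted, so the trusted ranges should cover only the LB and node addresses.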
There is a similar answer here. Make sure that your nginx has the following configuration in your server block:
proxy_set_header X-Real-IP $remote_addr;
If you are using an Nginx ingress controller it should be the default behavior.