K
Q

GCP K8s native ingress preserve client IP

7/15/2020

Given a K8s cluster on GCP with a service configured with:

externalTrafficPolicy: Local

and the pod behind the service being an Nginx container.

How can I get the client source IP?

The current issue I don't get client real IP, I get k8s cluster node kind of IP

-- bitgandtter
google-kubernetes-engine
kubernetes
kubernetes-ingress

Similar Questions

Azure reactjs deployment best practices
what actually happens by running gluster exporter inside gluster pod?
ssl authentication for gcp kubernetes cluster is not working
How to handle multiple AWS accounts in Kops?
Host and Port to access the Kubernetes api

2 Answers

7/16/2020

The load balancer will include its own IP on the X-Forwarded-For header so we need to trust those IPs as well as the nodes IP so Nginx can resolve the real one using http_real_ip_module

set_real_ip_from  x.x.x.x/32; // LB IP or CIDR
set_real_ip_from  x.x.x.x/16; // Nodes IP CIDR
real_ip_header  X-Forwarded-For;
real_ip_recursive on;
-- bitgandtter
Source: StackOverflow
7/16/2020

There a similar answer here. Make sure that your nginx has the following configuration in your server block:

proxy_set_header X-Real-IP $remote_addr;

If you are using an Nginx ingress controller it should be the default behavior.

-- Rico
Source: StackOverflow