Hi I'm trying to get client real-ip to restrict some access at pod. But unfortunately I'm always getting 10.244.1.1 at every pod. I have tried with https://kubernetes.io/docs/tutorials/services/source-ip/ but unfortunately no luck. Please help.
I'm using kubernetes 1.8.2 version on cent os 7 bare metal servers for kubernetes cluster. I do not have any choice bu to use bare metal . As an ingress controller I'm using kong. My kong ingress controller is always getting 10.244.1.1. In kong there is a feature called IP restriction. I'm trying to use it.
So other suggested to use another kong hop as a loadbalancer which is not a good solution for my situation.
Checkout the properties for "real IP" determining (https://docs.konghq.com/2.1.x/configuration/#trusted_ips):
This might also of interest: https://github.com/Kong/kong/pull/5861
You need to specify the traffic policy on the kong-proxy service
spec:
...
selector:
app: ingress-kong
type: LoadBalancer
externalTrafficPolicy: Local
And you may need to add one or both of the following environment variables to the kong container
- name: KONG_TRUSTED_IPS
value: 0.0.0.0/0,::/0
- name: KONG_REAL_IP_RECURSIVE
value: "on"
I got this working with a k3s instance.
There are detailed information about the issues with the source-ip in "bare metal considerations for k8s" on the k8s documentation and "preserving client ip addresses" in kong docs. They contain too many details to briefly summarize.