Incorrect X-Forwarded-For handling

[Malet]

curl -v http://echoheaders.example.com --resolve echoheaders.example.com:80:127.0.0.1 -H 'X-Forwarded-For: 1.2.3.4'
* Added echoheaders.example.com:80:127.0.0.1 to DNS cache
* Rebuilt URL to: http://echoheaders.example.com/
* Hostname echoheaders.example.com was found in DNS cache
*   Trying 127.0.0.1...
* Connected to echoheaders.example.com (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: echoheaders.example.com
> User-Agent: curl/7.47.0
> Accept: */*
> X-Forwarded-For: 1.2.3.4
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.0
< Date: Wed, 10 May 2017 11:11:11 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
<
CLIENT VALUES:
client_address=10.100.5.0
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://echoheaders.example.com:8080/

SERVER VALUES:
server_version=nginx: 1.10.0 - lua: 10001

HEADERS RECEIVED:
accept=*/*
host=echoheaders.example.com
user-agent=curl/7.47.0
x-forwarded-for=1.2.3.4127.0.0.1
BODY:
* Connection #0 to host echoheaders.example.com left intact
-no body in request-

For some reason the x-forwarded-for header does not get appended to with a comma

[jcmoraisjr]

Thanks for pointing this out. X-Forwarded-For should not be changed outside HAProxy, this header should be removed. Fixing this asap.

[jcmoraisjr]

Fixed on v0.2.1.

[Malet]

Doesn't that just remove it entirely? In our setup there's another load balancer in front of the ingress controllers, we need the header to know what the real ip is

[jcmoraisjr]

This header cannot be touched if the proxy is publicly available. Wasn't taking into account another lb in front of Ingress. I'll add a configmap option to master in order to change this behaviour. You can fix this right now mounting a new template to /usr/local/etc/haproxy/haproxy.tmpl.