X-Forwarded-For & X-Real-IP = Addr of GKE Ingress Controller #57
Comments
@DocBradfordSoftware if you are using NGINX example then you are actually using Nginx Ingress Controller, not GCE Ingress Controller. But traffic is forwarded to your Nginx Ingress Controller via GCE load balancer, I suppose. |
At aws I would add this to my config map
If I try that with google container engine I get this error.
This is probably a gke issue, so I will head over there. |
have the same error once the |
GCE Load Balancers don't support proxy protocol. To get the real IP addresses with an nginx ingress, you have to rely on this alpha feature introduced in kubernetes 1.4: https://kubernetes.io/docs/user-guide/load-balancer/#loss-of-client-source-ip-for-external-traffic Closing this as it's not a kube-lego bug/limitation. Let me know how it goes... |
Works like a charm! I have already disabled the httpLoadBalancing, still saw one loadbalancing rule got created once the type is set as LoadBalancer.
|
@kenng have you found a solution? My nginx ingress still shows 127.0.0.1 only as client ip |
@alex88, per the reference above, you need to add an annotation to the nginx controller service
|
@DocBradfordSoftware unfortunately that didn't help. :( |
I used the echo service in the example and got these values, double-checking with whatsmyip |
Lucky you :) I still can't get my real ip if I use a domain to connect to the load balancer |
I am not sure if what I am doing is correct, but the way I find my IP to hook up to the DNS record is that I go to gcloud console networking -> loadbalancing. There should be one instance; click on that and it will show the external IP. |
@DocBradfordSoftware I've found the discriminant, if I use port 443, I get 127.0.0.1 in the nginx ingress logs, if I use port 80 I get the real client IP |
@alex88 Did you find a solution to your issue? I'm seeing the same problem. What version of the Nginx Ingress are you on? |
@artushin nope, still the same issue, maybe it's because of the ports that the tcp load balancer can use the proxy protocol with, I don't really know. |
Just upgraded to 0.9.0-beta.8 (https://github.com/kubernetes/ingress/releases). Looks good now. Looks like it was probably this: kubernetes/ingress-nginx#233 |
@artushin Sorry, forgot to mention I was using beta-5, I'll try with the beta 8. Anyway, do you have any special config in the service? Like the |
I do, but it's a one node dev cluster, and I'm running the nginx pods in a daemonset, so it would probably work even without it. But yeah, based on the k8s docs, if you have nodes that are not running an nginx pod, you should use that annotation if you need source IPs. |
Oh yeah it works! That's awesome! :D |
Now it's just a matter of having nginx trust the forwarded ip and that's it :) |
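
An added example, not part of the thread or of any project mentioned in it: a sketch of what "trusting the forwarded IP" has to mean once the real source address reaches the proxy. The header is honored only when the TCP peer is a known proxy, and X-Forwarded-For is walked right to left until the first untrusted hop, which is how nginx's `real_ip_recursive` behaves. The `TRUSTED_PROXIES` networks, the `client_ip` function and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed values: networks whose hosts are allowed to set X-Forwarded-For
# (for example the load balancer and cluster-internal hops). Assumption, not
# taken from the thread; replace with the ranges of your own deployment.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]


def is_trusted(addr):
    """True if addr belongs to one of the proxy networks we trust."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address that should be logged as the client.

    peer is the TCP source address of the connection; xff_header is the raw
    X-Forwarded-For value, or None when the header is absent.
    """
    peer_addr = ipaddress.ip_address(peer)
    # A direct, untrusted peer can put anything in the header: ignore it.
    if not is_trusted(peer_addr) or not xff_header:
        return str(peer_addr)
    candidate = peer_addr
    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones written by our own infrastructure. Walk from the right.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = addr
        if not is_trusted(addr):
            break  # first hop we do not control is the client
    return str(candidate)
```

Entries to the left of the first untrusted hop are client-supplied and are never used, so a forged leading address cannot change the result.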
Did somebody also get it working when using a GCLB through an ingress in front of Nginx? The Sorry for using this thread, but best way to get a solution :-) |
I would check out this documentation:
replace loadbalancer with your nginx service and add --namespace=xxx if you need to. |
@DocBradfordSoftware Problem is that our services is a PS. We use the ingress controller with GCP Http Loadbalancer, so we can use:
|
You are correct, mine is on GKE, but I followed the kube-lego/examples/nginx and so the service is Type:LoadBalancer |
@bviolier we have the same setup and issue and been talking to Google support for about a week to find a solution. So far the best they have been able to offer is to set up an L2 load balancer with |
@bviolier we are using the same setup as you Update: |
See my solution posted in kubernetes/ingress-nginx#808 (comment) |
When using the example for NGINX on GCE, everything seems to work, but I am not getting the headers from the original client. It appears that the values for X-Real-IP & X-Forwarded-For are the private ip addr of the gke ingress controller.