
My question is a duplicate of this question: nginx ingress controller forward source ip

Though the accepted answer there is a Helm repository that is now deprecated and does not solve the problem of forwarding the user IP.

I followed the official Oracle Documentation and by checking the file `deploy.yaml` one can see that the policy is already set to `Local` by default:

```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    helm.sh/chart: ingress-nginx-3.23.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.44.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
```

Though when checking the logs with `kubectl logs POD_NAME`, I always get a 10.0.20.X visiting the endpoint, and never my real IP. Am I mistaken somewhere? How do I forward the user IP?

purple_lolakos
  • Please run this command `kubectl get svc ingress-nginx-controller -n ingress-nginx -o json | grep "externalTrafficPolicy"` to make sure it's deployed with `local` flag. I got a positive result when I deployed what you described. First internal IP, after changed to `local` I got `real` client IP. – moonkotte Sep 07 '21 at 14:17
  • By running your command I get `"externalTrafficPolicy": "Local"` How did you test the `real` client IP? – purple_lolakos Sep 07 '21 at 20:52
  • Though it is also true that I get `"f:externalTrafficPolicy": {}` – purple_lolakos Sep 07 '21 at 20:53
  • How I tested it: I created a GKE cluster with 1 node, installed `ingress-nginx`, created and expose simple `nginx` deployment. Then I accessed loadbalancer from my laptop and curl within the cloud, I got the same IP address. Next I edited the `ingress-nginx-controller` service and switched `externalTrafficPolicy` from Cluster to Local. Then accessed this loadbalancer again and got two different IPs, one of them is public IP of my laptop hence it works. – moonkotte Sep 08 '21 at 06:44
  • What you can do else is to try `kubectl edit svc ingress-nginx-controller -n ingress-nginx` and if there's `Local` and not `Cluster`, then it's set up correctly. However in [kubernetes documentation](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) it's said `supported in GCE/Google Kubernetes Engine environments)` so there's a chance Oracle cloud can't recognise this flag and skips it. You can reach out to their support to ask about it. – moonkotte Sep 08 '21 at 06:47
  • When performing that command, it is set to `Local`. Well, thanks. I will reach out to their support – purple_lolakos Sep 08 '21 at 08:37
  • Okay, please update me on what they will come up with. – moonkotte Sep 08 '21 at 11:14
  • After a solid restart of the service, the IP started to be forwarded to my node application. Now it is just to figure out how `Ingress` can also access it. I will shortly update the answer, as soon as I get it to work – purple_lolakos Sep 10 '21 at 09:12

1 Answer

I have seen similar issues (not being able to see Real IP) with launching a Loadbalancer service when the annotation `service.beta.kubernetes.io/oci-load-balancer-backend-protocol` is not set to `HTTP`.

I suggest you try launching the Ingress-Controller service with this annotation and see if it makes any difference.

bmuthuv
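
A check built from the thread above, as an added example that is not code from the question or the answer: it inspects the Service JSON for `externalTrafficPolicy: Local` and for the OCI annotation the answer suggests, then lists logged client addresses that fall in RFC 1918 ranges. The JSON, the log lines and the function names are constructed for illustration, and the log layout (client address as first field) is an assumption.

```python
import ipaddress
import json

OCI_PROTO = "service.beta.kubernetes.io/oci-load-balancer-backend-protocol"
# RFC 1918 ranges; a client address in one of these is a node or load balancer hop
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: trimmed output of
# `kubectl get svc ingress-nginx-controller -n ingress-nginx -o json`
SERVICE_JSON = """
{"metadata": {"name": "ingress-nginx-controller", "annotations": {}},
 "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Local"}}
"""

# Constructed sample log lines; first field is the address nginx saw as the client
LOG_LINES = [
    '10.0.20.14 - - [07/Sep/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 612',
    '10.0.20.37 - - [07/Sep/2021:14:02:15 +0000] "GET /health HTTP/1.1" 200 2',
    '203.0.113.25 - - [10/Sep/2021:09:10:03 +0000] "GET / HTTP/1.1" 200 612',
]

def check_service(svc_json):
    """Return a list of settings that differ from what the thread recommends."""
    svc = json.loads(svc_json)
    spec = svc.get("spec", {})
    annotations = svc.get("metadata", {}).get("annotations") or {}
    findings = []
    if spec.get("type") != "LoadBalancer":
        findings.append("service type is not LoadBalancer")
    if spec.get("externalTrafficPolicy") != "Local":
        findings.append("externalTrafficPolicy is not Local")
    if annotations.get(OCI_PROTO) != "HTTP":  # suggestion from the answer above
        findings.append(f"{OCI_PROTO} is not set to HTTP")
    return findings

def internal_clients(lines):
    """Return logged client addresses that sit in RFC 1918 space."""
    hits = []
    for line in lines:
        try:
            ip = ipaddress.ip_address(line.split(" ", 1)[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        if any(ip in net for net in INTERNAL):
            hits.append(str(ip))
    return hits

if __name__ == "__main__":
    print("service findings:", check_service(SERVICE_JSON))
    print("internal client addresses:", internal_clients(LOG_LINES))
```

Requests from users who really are on a private network also land in the second list, so read it against where the test traffic came from.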