Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How multiple droplets share resources Question Question
how to configure 2 droplets with HAProxy + keepalived Question Question

Question

Load Balancer does not forward source ip

Posted October 24, 2017 3.5k views
Load Balancing

I have a service in a kubernetes cluster exposed through a load balancer. However, the load balancer is not correctly forwarding request headers to Kubernetes. For instance X-Forwarded-For contains the load balancer’s private IP address 10.X.X.X when it should have been [ClientIP],[LoadBalancerPrivateIP]. This is not due to the kubernetes routing controller, because when the service is exposed with an Ingress Controller I am getting all the headers correctly filled.

my kubernetes service definition is the following

apiVersion: v1
kind: Service
metadata:
  name: myservice
  labels:
    app: myapp
spec:
  ports:
  - port: 80
    targetPort: 5000
    protocol: TCP
    name: http
    type: LoadBalancer
  selector:
    app: myapp

Can someone please help out on this?

Add a comment
dmitryd82bcfce79091cfb1d29
By:
dmitryd82bcfce79091cfb1d29

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How multiple droplets share resources Question Question
how to configure 2 droplets with HAProxy + keepalived Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
Gisleburt February 6, 2018

This might be too late for you but perhaps it will help others.

In theory, you should be able to resolve this by setting service.spec.externalTrafficPolicy to Local, example below. However, this only seems to work with some vendors (Google Cloud, Azure). I’ve tried it in DO and it doesn’t seem to work unfortunately.

---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: public
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: http
    - protocol: TCP
      port: 443
      name: https
    - protocol: TCP
      port: 8080
      name: admin
  type: LoadBalancer
  externalTrafficPolicy: Local

I’ll update if I find anything.

Reply Report
brunokakele January 13, 2020

It still doesn’t work. Another thread with the same issue: https://www.digitalocean.com/community/questions/transparent-load-balancers

Reply Report
  • CarlesBarrobes April 8, 2020

    I managed to make source IP work, check my response to the question you are linking to.

    Reply Report
    • brunokakele April 8, 2020

      Thanks CarlesBarrobes. That still require nginx. GCE and Azure support that by default, without nginx. It would be nice to have it out of the box in DO too.

      Reply Report
      • CarlesBarrobes April 11, 2020

        I fully agree with you @brunokakele . I have just discovered that setting both the load balancer and nginx to use proxy protocol still had undesirable effects that made some of the networking inside the cluster not work properly - I’ve had to disable it and I’m left with no solution at the moment to obtain the real client IP

        Reply Report

Related

Looking for something else?

Ask a new question Search for more help