Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

Load Balancer does not forward source ip

I have a service in a kubernetes cluster exposed through a load balancer. However, the load balancer is not correctly forwarding request headers to Kubernetes. For instance X-Forwarded-For contains the load balancer’s private IP address 10.X.X.X when it should have been [ClientIP],[LoadBalancerPrivateIP]. This is not due to the kubernetes routing controller, because when the service is exposed with an Ingress Controller I am getting all the headers correctly filled.

my kubernetes service definition is the following

apiVersion: v1
kind: Service
metadata:
  name: myservice
  labels:
    app: myapp
spec:
  ports:
  - port: 80
    targetPort: 5000
    protocol: TCP
    name: http
    type: LoadBalancer
  selector:
    app: myapp

Can someone please help out on this?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

GisleburtFebruary 6, 2018

This might be too late for you but perhaps it will help others.

In theory, you should be able to resolve this by setting service.spec.externalTrafficPolicy to Local, example below. However, this only seems to work with some vendors (Google Cloud, Azure). I’ve tried it in DO and it doesn’t seem to work unfortunately.

---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: public
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: http
    - protocol: TCP
      port: 443
      name: https
    - protocol: TCP
      port: 8080
      name: admin
  type: LoadBalancer
  externalTrafficPolicy: Local

I’ll update if I find anything.

brunokakeleJanuary 13, 2020

It still doesn’t work. Another thread with the same issue: https://www.digitalocean.com/community/questions/transparent-load-balancers

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up