Comments (10)
Isn't it related to https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-nodeport ? Did you try kubectl patch svc kong-proxy -p '{"spec":{"externalTrafficPolicy":"Local"}}
from kubernetes-ingress-controller.
+1
from kubernetes-ingress-controller.
This is related to the Kubernetes network configuration.
Please refer https://kubernetes.io/docs/tutorials/services/source-ip and setup your service accordingly.
Thank you for opening this issue.
from kubernetes-ingress-controller.
@hbagdi hi. Is possible to be a bug in kong? I tested today here with nginx-ingress kops addon and displayed correct x-real-ip
, instead this, kong ingress displayed internal cluster ip or ec2 subnet ip on x-real-ip
, as images below.
In both examples I used mendhak/http-https-echo image
from kubernetes-ingress-controller.
@joubertredrat, try setting trusted_ips
and real_ip_header
to use 'X-Forwarded-For' on Kong configuration, this can fix the x-real-ip:
trusted_ips: 0.0.0.0/0,::0
real_ip_recursive: "on"
real_ip_header: X-Forwarded-For
https://docs.konghq.com/1.3.x/configuration/#trusted_ips
https://docs.konghq.com/1.3.x/configuration/#real_ip_header
from kubernetes-ingress-controller.
Hello @raittes , i have the same issue with your configuration, I think the proxy does not support modification
from kubernetes-ingress-controller.
I have the same problem, too.
And I think it's important to me, In my Cluster, I will use kong to forward some requests to external services, and these external services will check x-forward-for
header, Because they only support some ip address which in their white ip list.
We add our node ip to this white ip list, so I want to my request x-forward-for
is a node ip.
from kubernetes-ingress-controller.
Hey @Pierre-Malherbe
I got this plugin at kong-ingress-controller version: 2.1.x
You can read this #issue
And this is my plugin:
kind: KongPlugin
apiVersion: configuration.konghq.com/v1
config:
functions:
- ngx.var.upstream_x_forwarded_for=nil
metadata:
annotations:
global: 'true'
kubernetes.io/ingress.class: kong
name: egress-plugin-remove-x-forwarded-for
plugin: pre-function
With this config on pre-function, it will make X-Forwarded-For
to be my node ip in my kubernetes cluster.
from kubernetes-ingress-controller.
I have the same problem. How was it finally resolved?
from kubernetes-ingress-controller.
I have the same problem. How was it finally resolved?
apiVersion: v1
kind: Service
metadata:
annotations:
konghq.com/override: cc # you need this, cc is the name of kongingress
kubernetes.io/ingress.class: kong # ingressController
name: cc
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
k8s-app: cc
qcloud-app: cc
---
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
annotations:
kubernetes.io/ingress.class: kong
name: cc
route:
preserve_host: false # this must be false
upstream:
host_header: cc.isd.com # this is the finally host that client get
---
# ingress yaml detail
# ---
# deployment yaml detail
from kubernetes-ingress-controller.
Related Issues (20)
- Release 2.12.4 HOT 1
- Release 3.0.3
- Test Request: Kong Gateway EE version 3.7.0.0-rc.1 HOT 3
- Test Request: Kong Gateway [OSS|EE] version 3.7.0.0-rc.1 HOT 2
- Bump Gateway API to v1.1 HOT 1
- Switch Konnect sync backoff to warning HOT 1
- Definition of KongCustomEntity CRD
- Store schema of custom entity and validate KongCustomEntity against Kong gateway
- Translate KongCustomEntity CRs to Kong entities in declarative configuration
- Test Request: Kong Gateway EE version 3.7.0.0-rc.2 HOT 2
- Integration/e2e tests for usage of custom entities
- Documents for using custom entities in KIC
- Redesign interface of `configPatch` in plugin configurations
- Improve webhook to reject plugins that leads to invalid configuration (duplication) when created
- Make a new snapshot of the store only when it differs from previous snapshot
- Simplify ReferenceGrant resolution
- Test Request: Kong Gateway EE version 3.7.0.0-rc.3 HOT 2
- validating webhook is sent to non-leader pod will cause the webhook fail in gateway discovery mode
- kong open telemetry plugin header_type datadog not valid option and rejected by admission webhook HOT 6
- Test Request: Kong Gateway [OSS|EE] version 3.7.0.0-rc.4 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-ingress-controller.