x-forwarded-for does not set correct ip about kubernetes-ingress-controller HOT 10 CLOSED

Isn't it related to https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-nodeport ? Did you try kubectl patch svc kong-proxy -p '{"spec":{"externalTrafficPolicy":"Local"}}

from kubernetes-ingress-controller.

+1

from kubernetes-ingress-controller.

This is related to the Kubernetes network configuration.
Please refer https://kubernetes.io/docs/tutorials/services/source-ip and setup your service accordingly.

Thank you for opening this issue.

from kubernetes-ingress-controller.

@hbagdi hi. Is possible to be a bug in kong? I tested today here with nginx-ingress kops addon and displayed correct x-real-ip, instead this, kong ingress displayed internal cluster ip or ec2 subnet ip on x-real-ip, as images below.

Ingress with kong

Ingress with nginx

In both examples I used mendhak/http-https-echo image

from kubernetes-ingress-controller.

@joubertredrat, try setting trusted_ips and real_ip_header to use 'X-Forwarded-For' on Kong configuration, this can fix the x-real-ip:

trusted_ips: 0.0.0.0/0,::0
real_ip_recursive: "on"
real_ip_header: X-Forwarded-For

https://docs.konghq.com/1.3.x/configuration/#trusted_ips
https://docs.konghq.com/1.3.x/configuration/#real_ip_header

from kubernetes-ingress-controller.

Hello @raittes , i have the same issue with your configuration, I think the proxy does not support modification

from kubernetes-ingress-controller.

I have the same problem, too.

And I think it's important to me, In my Cluster, I will use kong to forward some requests to external services, and these external services will check x-forward-for header, Because they only support some ip address which in their white ip list.

We add our node ip to this white ip list, so I want to my request x-forward-for is a node ip.

from kubernetes-ingress-controller.

Hey @Pierre-Malherbe

I got this plugin at kong-ingress-controller version: 2.1.x
You can read this #issue

And this is my plugin:

kind: KongPlugin
apiVersion: configuration.konghq.com/v1
config:
  functions:
    - ngx.var.upstream_x_forwarded_for=nil
metadata:
  annotations:
    global: 'true'
    kubernetes.io/ingress.class: kong
  name: egress-plugin-remove-x-forwarded-for
plugin: pre-function

With this config on pre-function, it will make X-Forwarded-For to be my node ip in my kubernetes cluster.

from kubernetes-ingress-controller.

I have the same problem. How was it finally resolved?

from kubernetes-ingress-controller.

I have the same problem. How was it finally resolved?

apiVersion: v1
kind: Service
metadata:
  annotations:
    konghq.com/override: cc     # you need this, cc is the name of kongingress
    kubernetes.io/ingress.class: kong   # ingressController
  name: cc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
      k8s-app: cc
      qcloud-app: cc
---
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
  annotations:
    kubernetes.io/ingress.class: kong
  name: cc
route:
  preserve_host: false  # this must be false
upstream:
  host_header: cc.isd.com   # this is the finally host that client get
--- 
# ingress yaml detail
# ---
# deployment yaml detail

from kubernetes-ingress-controller.