search by tags

for the user

adventures into the land of the command line

preserving real client ip in k8s

In the helm nginx ingress controller’s values file, add this:

controller:
   service:
      type: LoadBalancer
      externalTrafficPolicy: Local

Then, in any nginx pod where you want to see the real client ip address in the request, add these directives to your pod’s server block:

server {
.
.
        real_ip_header X-Real-IP;
        real_ip_recursive on;
        set_real_ip_from 0.0.0.0/0;
.
.
}

This will cause the nginx pod to replace or see the ingress pod’s ip, with or as the ip from the one (the client) that sent the request to the ingress, one up in the daisy chain. Maybe this is best explained with a groovy picture.

before: nginx sees requester IP as 5.6.7.8

 1.2.3.4  5.6.7.8
---[C]------[I]------[N]---

after: nginx sees requester IP as 1.2.3.4