I have HAproxy running in a Kubernetes container. This is what a sample log looks like
<134>Jul 20 13:11:37 haproxy[6]: <SOURCE_ADDRESS> [20/Jul/2020:13:11:37.713] front gameApi/game-api-test 0/0/0/9/9 200 384 - - ---- 37/37/0/0/0 0/0 {<FORWARD_FOR_ADDRESS>} "GET /api/games/lists?dtype=brandlist HTTP/1.1"
The <SOURCE_ADDRESS> here is the haproxy kubernetes node ip address and i need it to be the clinet/forwardfor ip address so that filebeat is able to parse the geolocation correctly.
Edit:
I found a solution using haproxy which is to simply set http-request set-src hdr(x-forwarded-for)
However attempting to use the solution externalTrafficPolicy: Local seems to break my haproxies ability to serve website. When i try to reach a website it would say "this site can't be reached" or "Secure Connection Failed"
haproxy service
apiVersion: v1
kind: Service
metadata:
name: haproxy-test
labels:
app: haproxy-test
namespace: test
annotations:
# Note that the backend talks over HTTP.
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-sload-balancer-ssl-cert: arn:aws:acm:us-east-2:redacted:certificate/redacted
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: 80
name: http
targetPort: 80
protocol: "TCP"
- port: 443
name: https
targetPort: 80
protocol: "TCP"
selector:
app: haproxy-test
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: haproxy-test
namespace: test
spec:
replicas: 1
template:
metadata:
labels:
app: haproxy-test
spec:
containers:
- name: haproxy-test
image: <redacted>.dkr.ecr.us-east-2.amazonaws.com/haproxy:$TAG
imagePullPolicy: Always
ports:
- containerPort: 80
resources:
limits:
cpu: "50m"
requests:
cpu: "25m"
