1

We are running our ms as a pod behind an ALB ingress (ALB load balancer). My problem is that all of the HTTP request logs show the cluster IP address instead of the IPs of the HTTP clients. Is there any other way I can make the Kubernetes service pass this info to my app servers to show the client IP address? I even tried with Java code using the get.remote.address function and still got the same result. I know there is a method "service.spec.externalTrafficPolicy" but this is only for GCE and not for AWS. Any help!!!!!!

  • 1
    Because the load balancer does an SNAT, the original client IP addresses are replaced. You can somehow use an HTTP header x-forwarded-for to preserve the original client IP address. – sleepyhead Dec 23 '20 at 08:06
  • 1
    Just use NLB with the nginx controller and ingress; that will resolve the issue simply, as explained by Asri in the answer. – Harsh Manvar Dec 23 '20 at 09:54

2 Answers

7

You can use a Network Load Balancer with Kubernetes services. Client traffic first hits the kube-proxy on a cluster-assigned nodePort and is passed on to all the matching pods in the cluster. When the spec.externalTrafficPolicy is set to the default value of Cluster, the incoming LoadBalancer traffic may be sent by the kube-proxy to pods on the node, or to pods on other nodes. With this configuration the client IP is sent to the kube-proxy, but when the packet arrives at the end pod, the client IP shows up as the local IP of the kube-proxy.

By changing the spec.externalTrafficPolicy to Local, the kube-proxy will correctly forward the source IP to the end pods, but will only send traffic to pods on the node that the kube-proxy itself is running on. Kube-proxy also opens another port for the NLB health check, so traffic is only directed to nodes that have pods matching the service selector.

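```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx
  annotations:
    # Provision an NLB instead of the default load balancer type
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  # Local keeps the client source IP; traffic only goes to pods on the receiving node
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  # type is a field of spec, so it must be indented under it
  type: LoadBalancer
```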
Asri Badlah
0

I was able to do this with the help of CloudFront. I have enabled multiple headers which are then passed in logs, like the location and client IP from the CDN itself, and got my solution.

  • 1
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Mar 29 '22 at 15:57
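The header-based approach mentioned in the x-forwarded-for comment and in the CloudFront answer, as an added example that is not part of the original thread: a client can send its own X-Forwarded-For value, so the application should only believe entries appended by proxies it trusts and read the chain from the right. The `TRUSTED_PROXIES` range and all sample addresses are constructed assumptions; replace them with the networks your load balancer actually uses.

```python
import ipaddress

# Assumption: networks whose hosts may append X-Forwarded-For entries
# (load balancer subnets / cluster range). Constructed value.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client IP to log for one request.

    peer_addr  -- socket peer address (what a remote-address call returns)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A peer outside the trusted networks reached the pod directly, so any
    # header it sent is client-controlled: log the peer itself.
    if not xff_header or not _is_trusted(peer, trusted):
        return str(peer)

    # Each proxy appends the address it saw, so read right to left; entries
    # left of the first untrusted hop are unverified client input.
    for raw in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(raw.strip())
        except ValueError:
            break  # malformed entry: fall back to the last verified hop
        if not _is_trusted(hop, trusted):
            return str(hop)
        peer = hop
    return str(peer)


if __name__ == "__main__":
    # Constructed requests: (socket peer, X-Forwarded-For header)
    samples = [
        ("10.0.1.5", "203.0.113.7"),            # normal request via the LB
        ("10.0.1.5", "1.2.3.4, 203.0.113.7"),   # client pre-filled the header
        ("198.51.100.9", "1.2.3.4"),            # direct hit, header ignored
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

Logging the leftmost entry instead would record whatever value the client chose to send, which is why the walk starts from the right.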