i'm running a grafana instance in kubernetes, which talks to a influxdb instance, also in kubernetes. both have their endpoints as Ingresses using ingress-nginx.
the issue is that when i use 'Server (default)' Access in grafana to define the Data Source, i would expect the requests to originate from the grafana server - which it does. however, the http headers contain:
X-Forwarded-For: 98.35.x.y, 127.0.0.1, 172.24.4.44, 172.24.4.44
X-Original-Forwarded-For: 98.35.x.y
X-Real-Ip: 98.35.x.y
to add a little more protection to my influx ingress i add:
annotations:
nginx.ingress.kubernetes.io/whitelist-source-range: "a.b.c.0/24,172.16.0.0/12"
now, the grafana instance is within the rfc1918 address range. however, it appears as though ingress-nginx is using one of the forwarded or x-real-ip headers against the whitelist - and subsequently returns a 403.
is there a way i can configure my influxdb ingress to allow my grafana proxied traffic through?
