I'm running HAProxy Kubernetes Ingress as a DaemonSet. There is no Load Balancer in front of HAProxy - client browsers connect directly to the HAProxy service > ingress controller, which is correctly routing to the application.

We can't set the X-Forwarded-For header in requests going to haproxy because they are coming directly from a browser.

I've changed the DaemonSet to deploy the container without the hostPort and to use a Service with externalTrafficPolicy=local. Happy to change back to a hostPort if there is a way to get the IP by doing that.

Our logs are showing up using the default HTTP log format here: https://www.haproxy.com/blog/haproxy-log-customization/ - log-format "%ci:%cp..."

The first value, %ci, should be the client IP, but what we're getting here is the Kubernetes Node IP. This issue is also described here: "haproxy source ip address shows Kubernetes node ip address", by a user running HAProxy in Kubernetes, though not as an ingress controller. This user wanted to have logs with the X-Forwarded-For header showing. That works for us, but browsers don't set it.

How can I get the actual client IP into a log, please? Ideally without adding in another piece of software in front of HAProxy.

Pharaoh Tools
  • Can you tell us more about your Kubernetes environment? How was it deployed? Do you see any difference in behavior between using a Service and using a hostPort? – larsks Oct 12 '22 at 13:41
  • Sure - happy to describe anything specific, is there particular output you'd like? Everything works except for this bit - logging the client IP. Also, no difference in functionality that I can see between HostPort and NodePort. I changed to a NodePort because according to docs externalTrafficPolicy=local should (I believe) be doing the trick here. – Pharaoh Tools Oct 12 '22 at 14:53

0 Answers