i have set up the RKE2 cluster. And there is an "embedded" rke2 nginx ingress in there, their document says that the ingress controller can be modified via the helm rke ingress manifest, but normally in the EKS, there are "externalTrafficPolicy: Local" to set in the LoadBalancer 's Service, but they don't exist in RKE because they use the nginx external Layer 4 LB. So my question is how to get the original client IP that nginx stream pass to rke-nginx-ingress? I check their latest document but did not find. the nginx layer 4 config is
stream {
upstream rancher_servers_http {
least_conn;
server rke1:80 max_fails=3 fail_timeout=5s;
server rke2:80 max_fails=3 fail_timeout=5s;
server rke3:80 max_fails=3 fail_timeout=5s;
}
server {
listen 80;
proxy_pass rancher_servers_http;
}
upstream rancher_servers_https {
least_conn;
server rke1:443 max_fails=3 fail_timeout=5s;
server rke2:443 max_fails=3 fail_timeout=5s;
server rke3:443 max_fails=3 fail_timeout=5s;
}
server {
listen 443;
proxy_pass rancher_servers_https;
}
}
Thank you.
