Best way to preserve source ip address in k8s?


We used Traefik (v2.1) in a k8s cluster. It's deployed as a Deployment with a NodePort service to expose it externally.
The problem is that, with our k8s configuration, Traefik isn't able to get the client's real source IP address. We get a cluster IP instead. It's more of a k8s configuration issue.

One way we can think of is to place a Traefik instance outside k8s as a load balancer, ask it to preserve the real client IP in the X-Forwarded-For HTTP header, and then proxy the traffic to the k8s service.
I'm not sure if this is the right approach to solve the problem. Any other ideas?


And I'm aware that k8s points out how to preserve the source IP here, but it's not practical to use Local service.spec.externalTrafficPolicy in our setup.
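
If the client IP arrives in X-Forwarded-For from an external proxy, as proposed above, the receiving side should honour the header only when the TCP peer is that proxy, and should read the chain from the right. The following is an added example, not code from the post or from Traefik; the trusted ranges and the `ClientIP` helper are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Constructed example ranges (assumptions): cluster network and external proxy.
var trusted = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("192.0.2.10/32"),
}

func isTrusted(ip netip.Addr) bool {
	for _, p := range trusted {
		if p.Contains(ip.Unmap()) {
			return true
		}
	}
	return false
}

// ClientIP returns the address to log or apply policy to. remoteAddr is the
// TCP peer ("ip:port"); xff is the raw X-Forwarded-For header value.
func ClientIP(remoteAddr, xff string) string {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return remoteAddr
	}
	peer := ap.Addr().Unmap()
	if !isTrusted(peer) {
		return peer.String() // header sent by an untrusted peer: ignore it
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- { // walk right to left
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed or empty entry: fall back to the peer
		}
		if !isTrusted(ip) {
			return ip.String() // first hop not appended by our own proxies
		}
	}
	return peer.String()
}

func main() {
	fmt.Println(ClientIP("10.42.0.1:5000", "6.6.6.6, 198.51.100.23, 192.0.2.10"))
}
```

The left-most entries of the header are client-supplied, which is why the function returns the right-most address that is not one of the trusted proxies.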

Hello @rxwen,

Have a look at my post here: Rancher - Traefik - Host Network
I had kind of the same behaviour and question :).

Have a good day,