Best way to preserve source ip address in k8s?

rxwen · December 30, 2019, 3:19pm

Hi,

We used traefik (v2.1) in a k8s cluster. It's deployed as a deployment with a nodeport service to expose it to external.
The problem is with our k8s configuration, traefik isn't able to get client's real source ip address. We get a cluster ip instead. It's more a k8s configuration.

One way we can think of is to place a traefik instance outside the k8s as a load balancer, and ask it to preserve the real client ip in X-Forwarded-For http header, and then proxy the traffic to the k8s service.
I'm not sue if this is the right approach to solve the probelm? Any other ideas?

Thanks.

rxwen · December 30, 2019, 11:27pm

And I'm aware that k8s points out how to preserve source ip here (https://kubernetes.io/docs/tutorials/services/source-ip/), but it's not practical to use Local service.spec.externalTrafficPolicy in our setup.

Zword · January 14, 2020, 6:58am

Hello @rxwen,

Have a look to my post here : Rancher - Traefik - Host Network
I had kind of the same behaviour and question :).

Have a good day,

Topic		Replies	Views
Preserve client source IP Traefik v2 kubernetes-crd , kubernetes-ingress	2	5951	September 3, 2021
How can I get the real IP address of the source Traefik v2 kubernetes-crd , kubernetes-ingress	0	198	December 27, 2024
Real IP from ELB Traefik v2 kubernetes-ingress	3	2609	November 12, 2019
Traefik with K8s as Ingress: Forward the origin IP of an client to the pods Traefik v2 kubernetes-ingress	2	1531	March 11, 2021
Client IP Address Appears as Traefik Pod IP Traefik v3 (latest) kubernetes-crd	8	384	January 2, 2025

Best way to preserve source ip address in k8s?

Related topics