ClientAddr shows internal IP with externalTrafficPolicy set to Local

We have the latest traefik deployed with helm into our EKS cluster. We want to setup whitelist on IP for ingress. So we need client address to be external IP. In Ingress like Nginx. It works when the externalTrafficPolicy set to Local. I did the same on traefik. But it does not work. The following is my fullset of configuration on helm.

Can you please advise what went wrong and how to fix it?

logs:
  general:
    format: json
  access:
    enabled: true
    format: json
metrics:
  prometheus:
    service:
      enabled: true
      labels: {}
      annotations: {}
    serviceMonitor:
      jobLabel: traefik
      interval: 30s
      honorLabels: true
      additionalLabels:
        instance: primary
deployment:
  kind: DaemonSet
  podAnnotations:
    reloader.stakater.com/auto: "true"
ports:
  web:
    nodePort: 32080
service:
  spec:
    externalTrafficPolicy: Local
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-subnets: ${lb_subnet_ids}
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  enabled: true
  single: true
  type: LoadBalancer
providers:
  # Enable cross namespace references
  kubernetesCRD:
    enabled: true
    allowCrossNamespace: true
  # Enable published service
  kubernetesIngress:
    publishedService:
      enabled: true

1 Like

Can anybody help here?