Hello,
I'm trying to get the real source IP in the pods that are running in my kube cluster. To access Kubernetes services I have deployed this:
HAPROXY (external) --> Traefik (daemonset) nodePort 32xxx --> svc --> pods
The HAProxy instance is configured to forward the real IP:

    backend back_hello
        balance leastconn
        option httpclose
        option forwardfor
        server node1 xxx.xxx.xxx.xxx:32xxx check ssl verify none
        server node2 xxx.xxx.xxx.xxx:32xxx check ssl verify none

I can access my hello world app, but the IP of the client is not recognized.
I've found a lot of documentation but there is something I'm doing wrong. In the websecure entrypoint (helm chart), I have added:

    forwardedHeaders:
      trustedIPs:
        - xxx.xxx.xxx.xxx/32  # My HAPROXY public IP
        - 127.0.0.1/8
        - 10.2.0.0/24  # pods subnet
        - 10.2.1.0/24  # pods subnet
      insecure: false

And it's not working:
{"level":30,"time":1666701704374,"pid":18,"hostname":"hello-kubernetes-hello-world-54dc87bbb6-stnpd","req":{"id":12701,"method":"GET","url":"/","query":{},"params":{},"headers":{"host":"hello.notech.fr","user-agent":"curl/7.81.0","accept":"*/*","x-forwarded-for":"<node ip>","x-forwarded-host":"hello.xxxx.xxx","x-forwarded-port":"443","x-forwarded-proto":"https","x-forwarded-server":"traefik-8rkqr","x-real-ip":"<node ip>","accept-encoding":"gzip"},"remoteAddress":"::ffff:<pod ip>","remotePort":41178},"res":{"statusCode":200,"headers":{"x-powered-by":"Express","content-type":"text/html; charset=utf-8","content-length":"846","etag":"W/\"34e-pOeBub5QvA/DD39aK/olEfPnxDk\""}},"responseTime":12,"msg":"request completed"}
The x-forwarded-for and real-ip are set to the real node IP.
The remoteAddress is set to the internal Traefik pod's IP.
I'm using a Kubernetes cluster managed by OVH.
How should I get the real client IP, please?
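
A simplified model of the forwardedHeaders.trustedIPs check described above, as an added example that is not part of the original post or Traefik's own code. It shows how the X-Forwarded-For value reaching the pod depends on which peer address the proxy sees. The addresses are constructed, the function names are hypothetical, and the keep-or-discard rule is an assumed simplification of the proxy's behaviour.

```python
import ipaddress


def forwarded_for(peer_ip, inbound_xff, trusted_cidrs):
    """Return the X-Forwarded-For value the proxy sends upstream.

    Assumed model: the inbound header is kept (and the peer appended) only
    when the TCP peer is inside a trusted CIDR. Otherwise the inbound header
    is discarded and replaced by the peer address alone.
    """
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(
        peer in ipaddress.ip_network(cidr, strict=False)
        for cidr in trusted_cidrs
    )
    if trusted and inbound_xff:
        return f"{inbound_xff}, {peer_ip}"
    return peer_ip


def client_ip(xff):
    """Left-most entry: the address recorded by the first proxy in the chain."""
    return xff.split(",")[0].strip()


# Constructed addresses (documentation ranges) standing in for the masked ones.
CLIENT = "198.51.100.7"
HAPROXY = "203.0.113.10"
NODE = "192.0.2.21"
# Same shape as the trustedIPs list in the post.
TRUSTED = [f"{HAPROXY}/32", "127.0.0.1/8", "10.2.0.0/24", "10.2.1.0/24"]


def header_at_pod(peer_seen_by_proxy):
    # HAProxy's "option forwardfor" puts the client address in the header.
    return forwarded_for(peer_seen_by_proxy, CLIENT, TRUSTED)


if __name__ == "__main__":
    # Peer is the HAProxy address: trusted, client address survives.
    print("peer=haproxy ->", header_at_pod(HAPROXY))
    # Peer is a node address: not in the list, header is replaced.
    print("peer=node    ->", header_at_pod(NODE))
```

In this model, a peer address outside the trusted list yields exactly the pattern in the log above: x-forwarded-for carries only the node IP.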