Get real source ip of clients


I'm trying to get the real source ip in the pods that running into my kube cluster. To access to kubernetes services I have deployed this:

HAPROXY (external) --> Traefik (daemonset) nodePort 32xxx --> svc --> pods

The haproxy instance is configured to forward the real ip:

backend back_hello
  balance leastconn
  option httpclose
  option forwardfor
  server node1 check ssl verify none
  server node2 check ssl verify none

I can access to my hello world app. But the ip of the client is not recognized.

I've found a lot of documentation but there is something I'm doing bad. In the websecure entrypoint (helm chart), I have added:

        - <--- My HAPROXY public IP
        - <-- pods subnet
        - <-- pods subnet
      insecure: false

And it's not working:
{"level":30,"time":1666701704374,"pid":18,"hostname":"hello-kubernetes-hello-world-54dc87bbb6-stnpd","req":{"id":12701,"method":"GET","url":"/","query":{},"params":{},"headers":{"host":"","user-agent":"curl/7.81.0","accept":"*/*","x-forwarded-for":"<node ip>","x-forwarded-host":"","x-forwarded-port":"443","x-forwarded-proto":"https","x-forwarded-server":"traefik-8rkqr","x-real-ip":"<node ip>","accept-encoding":"gzip"},"remoteAddress":"::ffff:<pod ip>","remotePort":41178},"res":{"statusCode":200,"headers":{"x-powered-by":"Express","content-type":"text/html; charset=utf-8","content-length":"846","etag":"W/\"34e-pOeBub5QvA/DD39aK/olEfPnxDk\""}},"responseTime":12,"msg":"request completed"}

The x-forwarded-for and real-ip are set to the real node IP.
The remoteAdress is set to the internal traefick pods ip.

I'm using a kubernetes managed by OVH.

How should I get the real client IP please ???

Set externalTrafficPolicy: Local in the traefik service.
No hostNetwork etc needed.

I passed a lot of hours on that !!!!! I have rtrie externaltrafficpolicy, nodeport, hostnetwork without any success.

And I tried to investigate on the reverse proxy (haproxy). I found that haproxy was not catching the client IP. It is a docker container and the container was launched in a swarm cluster. I asked the admin to use the host network.

All is running well now !!! Thanks for the answer.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.