TL;DR - I wan’t to use the IPWhiteList middleware but Traefik (as a k8s ingress controller) can’t read the client source IP address.
Here’s my configuration. K8s is installed on a Debian host with kubeadm:
kubeadm init --pod-network-cidr 10.244.0.0/16
I use Flannel:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
My Traefik ingress controller is exposed by a clusterIP service with an externalIP (here 172.28.128.7 is an example):
apiVersion: v1 kind: Service metadata: name: traefik-svc labels: app: traefik spec: selector: app: traefik ports: - name: web protocol: TCP port: 80 - name: websecure protocol: TCP port: 443 externalIPs: - 172.28.128.7
Everything's working fine. I can access to my services from IngressRoute etc. but I can't preserve the source client IP. I have installed a "WhoAmI" service and it returns the IP of the Traefik ingress controller as the source IP:
→ curl -v http://whoami.example.com/ * Trying 172.28.128.7... * TCP_NODELAY set * Connected to whoami.example.com (172.28.128.7) port 80 (#0) > GET / HTTP/1.1 > Host: whoami.example.com > User-Agent: curl/7.64.1 > Accept: */* > < HTTP/1.1 200 OK < Content-Length: 402 < Content-Type: text/plain; charset=utf-8 < Date: Tue, 11 Feb 2020 13:35:58 GMT < Hostname: whoami-deployment-bd6b677dc-bsvst IP: 127.0.0.1 IP: 10.244.0.5 RemoteAddr: 10.244.0.4:52864 GET / HTTP/1.1 Host: whoami.example.com User-Agent: curl/7.64.1 Accept: */* Accept-Encoding: gzip X-Forwarded-For: 10.244.0.1 X-Forwarded-Host: whoami.example.com X-Forwarded-Port: 80 X-Forwarded-Proto: http X-Forwarded-Server: traefik-deployment-9cff6f74d-jrglg X-Real-Ip: 10.244.0.1
Anyone can help? I'm not sure if the problem is Traefik/Flannel or k8s but I'm not able to make it works...