This is my first time creating a topic here in the community, so I ask for patience and understanding.
I just installed Traefik from scratch (v2.3.1) in a GKE cluster via helm following the documentation (https://doc.traefik.io/traefik/getting-started/install-traefik/#use-the-helm -chart), changing the following attributes:
values.yaml
service:
spec: {
externalTrafficPolicy: Local
}
additionalArguments:
- "--log.level=DEBUG"
Everything worked as expected, Traefik's Pod is running, generated a Service of type = LoadBalancer with a public IP.
Then I created an IngressRoute with an endpoint to forward to a nginx deploy with a Hello World just for testing and added a whitelist Middleware:
ing-test.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: test
spec:
entryPoints:
- web
routes:
- kind: Rule
middlewares:
- name: whitelist
match: Host (`xxx.xxx`)
services:
- name: nginx-deployment
port: 80
whitelist.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: whitelist
spec:
ipWhiteList:
sourceRange:
- 0.0.0.0/0
In the first test, access from any source was released to test the endpoint, as expected everything worked correctly. When we change Middleware for a specific IP range, we receive Forbidden:
sourceRange:
- 0.0.0.0/0
sourceRange:
- my-ip/32
Analyzing the logs of Traefik we realized that the IP that arrives in it is not the real IP of the client, but a kind of gateway of kubernetes 10.64.0.1 for example, which generates Forbbiden in all requests and we were unable to find out how to keep the real IP . We tested with Nginx Ingress and it works correctly. Does anyone have any suggestions?
GKE version:
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-26T03:47:41Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.12-gke.20", GitCommit:"0ac5f81eecab42bff5ef74f18b99d8896ba7b89b", GitTreeState:"clean", BuildDate:"2020-09-09T00:48:20Z", GoVersion:"go1.12.17b4", Compiler:"gc", Platform:"linux/amd64"}