TLS passthrough and IP forwarding?

IgorJ · February 21, 2024, 3:19pm

Hi,

I have configured the following Ingress route (see below). It works almost the same way as required.
The only problem is that my backend always got the same IP address of the Ingress controller (?) and not the real IP address, of the callers.

Is it possible configure traefik somehow to keep the IP address of the real callers in tcp/ip packages, which go to my backend?
If not, is there any other way to pass the IP address of the callers to backend while still having TLS passthrough enabled?

Best regards,
Igor

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  annotations:
    kubernetes.io/ingress.class: ingress-int
  labels:
    app.kubernetes.io/name: test-server
  name: test-server
  namespace: services-test
spec:
  entryPoints:
    - websecure
  tls:
    passthrough: true
  routes:
    - match: HostSNI(`test.net`)      
      services:
        - name: test-server
          port: 9000

bluepuma77 · February 21, 2024, 7:38pm

To keep the IP, you would need to use ProxyProtocol, which prepends the IP to the TCP connection/request. With regular http, it is usually passed on in the headers.

Topic		Replies	Views
TLS passthrough not working Traefik v2 kubernetes-ingress	1	90	March 29, 2024
How to pass request from Traefik Ingress Controller to IP backend Traefik v2 kubernetes-ingress	4	264	May 7, 2023
IngressRouteTCP with TLS backend Traefik v2 kubernetes-crd	0	410	May 17, 2021
Hosting a HTTP-App on a custom TCP-Port with TLS Traefik v2 kubernetes-crd , kubernetes-ingress , tcp	1	1029	March 25, 2022
Unable to passthrough tls Traefik v2 kubernetes-crd , kubernetes-ingress	5	1103	February 7, 2022

TLS passthrough and IP forwarding?

Related Topics