Traefik not showing x-forwarded-for and cf-connecting-ip headers in the basic Nginx App

Traefik Traefik v2 (latest)
, , ,
1

Hi Team,

I am running Traefik(2.8) in our k3s cluster(behind an LB). I deployed a basic Nginx app on the cluster and I tried to curl the url via terminal, but I am not seeing any x-forwarded-for or cf-connecting-ip headers in the output. How can I enable this for my basic nginx app?

Is there anything I need to do via middleware or ingressroute? If yes, can someone please share that middleware/ingressroute ?

Traefik Config:

additionalArguments:
  - "--ping"
  - "--ping.entrypoint=traefik"
  - "--log.level=DEBUG"
  - "--entrypoints.web.address=:80"
  - "--entrypoints.websecure.address=:443"
  - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.0/24"
  - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.0/24"
  - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.0/24"
  - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.0/24"
  
  

deployment:
  kind: Deployment
  replicas: 4

service:
  enabled: true
  type: LoadBalancer
  annotations:
    kubernetes.civo.com/loadbalancer-algorithm: round_robin
    kubernetes.civo.com/firewall-id: 03093EF6-31E6-48B1-AB1D-152AC3A8C90A
    kubernetes.civo.com/loadbalancer-enable-proxy-protocol: send-proxy

securityContext:
  capabilities:
    add:
      - NET_BIND_SERVICE
  runAsNonRoot: false
  runAsUser: 0

ports:
  web:
    port: 80
    expose: true
    protocol: TCP
    exposePort: 80
  websecure:
    port: 443
    expose: true
    protocol: TCP
    exposePort: 443
  traefik:
    port: 9000
    expose: true
    protocol: TCP
    exposePort: 9000
  metrics:
    port: 9050
    expose: true
    protocol: TCP
    exposePort: 9050

tlsOptions:
  default:
    maxVersion: VersionTLS13
    minVersion: VersionTLS12
  maxtls12:
    maxVersion: VersionTLS12

Nginx App, Service and ingress route yaml:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - image: nginx:latest
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
  annotations:
    update: v1
spec:
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: nginx
  type: ClusterIP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
  name: nginx-http
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`test-one.domainname.com`) && PathPrefix(`/`)
      services:
        - name: nginx
          port: 80

Can someone please help with this? I want the x-forwarded-for and cf-connecting-ip headers.