-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Source IP detection #146
Comments
tamalsaha
added a commit
that referenced
this issue
Jun 8, 2017
…165) This preserves source IP for LoadBalancer type ingresses for aws, gce, gke, azure. The actual configuration generated depends on the underlying cloud provider. - gce, gke, azure: Adds annotation service.beta.kubernetes.io/external-traffic: OnlyLocal to services used to expose HAProxy. ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - aws: Enforces the use of the PROXY protocol over any connection accepted by any of the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol are supported and correctly detected. The PROXY protocol dictates the layer 3/4 addresses of the incoming connection to be used everywhere an address is used, with the only exception of "tcp-request connection" rules which will only see the real connection address. Logs will reflect the addresses indicated in the protocol, unless it is violated, in which case the real address will still be used. This keyword combined with support from external components can be used as an efficient and reliable alternative to the X-Forwarded-For mechanism which is not always reliable and not even always usable. See also "tcp-request connection expect-proxy" for a finer-grained setting of which client is allowed to use the protocol. ref: https:/kubernetes/kubernetes/blob/release-1.5/pkg/cloudprovider/providers/aws/aws.go#L79 (this was implemented in #144) Fixes #146, #100
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://kubernetes.io/docs/tutorials/services/source-ip/
@sadlil our original client IP issue seems to be solved now.
kubernetes/enhancements#27 (comment)
The text was updated successfully, but these errors were encountered: