nginx ingress on kuberentes sees node ip address instead of the public internet resource requestor
Question
I have a kube.netes cluster and a nginx ingress. I have deployed an ingress to route traffic from a domain example.org to a specific container. Now, I am trying to block all requests which are not coming from a whitelisted ip range. Therefore I annotated the created ingress with nginx.ingress.kube.netes.io/whitelist-source-range . However, all traffic gets blocked so I looked at the logs from nginx and I realized that actually nginx sees the internal node ip address instead of the requestors public inte.net address.
2022/05/06 11:39:26 [error] 10719#10719: *44013470 access forbidden by rule, client: 172.5.5.84, server: example.org, request: "GET /.svn/wc.db HTTP/1.1", host: "example.org"
I am not sure what is actually wrong. When I remove the whitelist annotation, then everything works as expected.
1 answers
solution1
1 ACCPTED 2022-05-07 07:16:24
Okay, so this documentation fixed the issue https://kube.netes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
I had to change externalTrafficPolicy: Cluster to externalTrafficPolicy: Local
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.