I am trying to setup Kong in my K8S environment. My environment is running the following:
- Azure Kubernetes Service
- LinkerD Service Mesh
- Nginx Ingress
I wish to replace the Nginx Ingress with Kong but am running into an issue with trying to use the IP-Restriction plugin.
I have been through various posts on here as well as lots of documentation but everything I do results in the same problem. After hitting my service via the Ingress, I receive a response of
"message":"Your IP address is not allowed"
As some background, when my ingress is using nginx with the
nginx.ingress.kubernetes.io/whitelist-source-range annotation, everything works as expected.
I have setup two kong plugins; ip-restriction and request-transformer to add the l5-dst-override header. These plugins are applied to my ingress. When I look at the proxy container in the Kong pod, the request is always coming from 127.0.0.1.
I am installing Kong using the following helm command:
helm upgrade --namespace my-namespace --install --set ingressController.installCRDs=false,proxy.externalTrafficPolicy=Local,env.real_ip_recursive="on",env.trusted_ips="0.0.0.0/0\,::/0" --wait my-kong-chart-name kong/kong
As you can see from the install, I have tried setting
externalTrafficPolicy to Local as well as setting
real_ip_recursive' and trusted_ips`.
This is driving me insane now and I am sure it is something simple. Can anyone help?