We are using Kong as our ingress controller with service type LoadBalancer. Kong is deployed using the Helm chart.
- name: kong-proxy
- name: kong-proxy-tls
We still cannot see the actual client IP in the Kong proxy logs. We have also set the following environment variables:
proxy_listen: 0.0.0.0:8000, 0.0.0.0:8443 ssl proxy_protocol
The above environment variables are passed from the value.yaml file and I can confirm KONG_TRSUTED_IPS, KONG_REAL_IP_RECURSIVE, KONG_REAL_IP_HEADER are set inside the kong proxy pod.
@hbagdi any suggestion on what might be wrong will be really helpful. Thanks in advance.
Not sure this will work completely, as I think some Lua will need to be slung to fully take advantage of this… I am investigating further: How to Forward Client's request IP
I have solved this issue recently; you should just set two env variables in Kong.
real_ip_header: X-Forwarded-For (Right, you have it)
trusted_ips: "YOUR ELB VPC CIDR"
This way, Nginx uses the module ngx_http_realip_module, reading the forwarded IP and updating the remote_addr with the first IP (client IP). After this change, Nginx traces will display the client public IP instead of ELB IPs. Kong will only serve requests forwarded from your load balancer.
Thanks @abenitovsc, will give it a try and update here if I am able to get this working.
Hi @Mju, I have just realized that trusted_ips content was escaped with <
I have updated my last comment. Let us know your feedback. You can deploy this app to check the headers.
You will see that the X-Real-IP set by Kong from the remote_addr is the first IP in the forwarded-for header (client IP) instead of the last one (IP from the ELB CIDR).
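A simplified Python model of how ngx_http_realip_module selects the client address under the `real_ip_header`, `real_ip_recursive` and `trusted_ips` settings discussed in this thread. It is an added example, not code from the thread or from Kong; the function name and every address are constructed. It also shows why `trusted_ips` should be the load balancer's CIDR and not a catch-all range.

```python
import ipaddress

def resolve_client_ip(remote_addr, xff, trusted_cidrs, recursive=True):
    """Return the address Nginx would log as the client.

    remote_addr   -- TCP peer seen by Kong (an ELB node)
    xff           -- raw X-Forwarded-For value, or None
    trusted_cidrs -- Kong trusted_ips, as a list of CIDR strings
    recursive     -- Kong real_ip_recursive
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(addr):
        return any(addr in n for n in nets)

    current = ipaddress.ip_address(remote_addr)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the proxy
    # closest to Kong, the leftmost is whatever the client chose to send.
    for hop in reversed(hops):
        if not trusted(current):
            break                  # never read the header past an untrusted peer
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break                  # unparsable entry: keep the last good address
        if not recursive:
            break                  # non-recursive: only the last entry is used
    return str(current)

# Constructed sample values (documentation ranges, not from the thread).
ELB_CIDR = "10.0.0.0/16"
ELB_NODE = "10.0.1.25"
CLIENT = "203.0.113.7"
FORGED = "198.51.100.99"          # value a client put in its own X-Forwarded-For
HEADER = f"{FORGED}, {CLIENT}"    # the ELB appends the real peer on the right

if __name__ == "__main__":
    print("no trusted_ips :", resolve_client_ip(ELB_NODE, CLIENT, []))
    print("ELB CIDR       :", resolve_client_ip(ELB_NODE, HEADER, [ELB_CIDR]))
    print("0.0.0.0/0      :", resolve_client_ip(ELB_NODE, HEADER, ["0.0.0.0/0"]))
```

With no matching `trusted_ips` the log keeps showing the ELB node; with the ELB CIDR trusted it shows the real client even when the header carries a forged entry; with everything trusted and recursion on, the forged entry is what gets logged.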