We still cannot see the actual client IP in the Kong proxy logs. We have also set the following environment variables:
env:
  database: postgres
  proxy_listen: 0.0.0.0:8000, 0.0.0.0:8443 ssl proxy_protocol
  trusted_ips: 0.0.0.0/0,::/0
  real_ip_recursive: "on"
  real_ip_header: X-Forwarded-For
The above environment variables are passed from the value.yaml file, and I can confirm KONG_TRUSTED_IPS, KONG_REAL_IP_RECURSIVE and KONG_REAL_IP_HEADER are set inside the Kong proxy pod.
Not sure this will work completely, as I think some Lua will need to be slung to fully take advantage of this… I am investigating further: How to Forward Client's request IP
I solved this issue recently. You should just set two env variables in Kong:
real_ip_header: X-Forwarded-For (Right, you have it)
trusted_ips: "YOUR ELB VPC CIDR"
This way, Nginx uses the ngx_http_realip_module module, reading the forwarded IP and updating remote_addr with the first IP (client IP). After this change, Nginx traces will display the client public IP instead of ELB IPs. Kong will only serve requests forwarded from your load balancer.
You will see that the X-Real-IP set by Kong from remote_addr is the first IP in the forwarded-for header (client IP) instead of the last one (IP from the ELB CIDR).
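The difference between the two trusted_ips values in this thread can be checked with a short model of the address selection that ngx_http_realip_module performs. This is an added example, not code from Kong, Nginx or any poster here; the function name, the 10.0.0.0/16 VPC range and all addresses are constructed, and it assumes the load balancer appends the connecting address to X-Forwarded-For.

```python
import ipaddress


def resolve_client_ip(remote_addr, xff, trusted_cidrs, recursive=True):
    """Simplified model of realip address selection (hypothetical helper).

    remote_addr   -- address of the TCP peer (the load balancer, normally)
    xff           -- raw X-Forwarded-For header value
    trusted_cidrs -- values given to trusted_ips
    recursive     -- real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in n for n in nets)

    current = remote_addr
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk the header right to left. An entry is only believed while the
    # address that reported it is itself inside a trusted range.
    for hop in reversed(hops):
        if not trusted(current):
            break
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the address resolved so far
        current = hop
        if not recursive:
            break  # recursion off: only the right-most entry is used
    return current


# Constructed request: the client connects from 203.0.113.7 and already sent
# "X-Forwarded-For: 198.51.100.99"; the load balancer (10.0.1.15) appends
# the address it actually saw.
ELB_ADDR = "10.0.1.15"
HEADER = "198.51.100.99, 203.0.113.7"
TRUST_ALL = ["0.0.0.0/0", "::/0"]      # setting from the question
TRUST_VPC = ["10.0.0.0/16"]            # constructed "ELB VPC CIDR"

if __name__ == "__main__":
    # Trusting everything: the logged IP is whatever the client wrote.
    print("trust all :", resolve_client_ip(ELB_ADDR, HEADER, TRUST_ALL))
    # Trusting only the load balancer range: the address the ELB observed.
    print("trust VPC :", resolve_client_ip(ELB_ADDR, HEADER, TRUST_VPC))
    # A peer outside the trusted range: its header is ignored entirely.
    print("direct    :", resolve_client_ip("203.0.113.7", "198.51.100.99", TRUST_VPC))
```

With trusted_ips limited to the load balancer range, logs, rate limits and IP restrictions see the address the load balancer observed rather than a value taken from the request header.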