Can not get client real ip in kubernetes on VM

I want to attach client IP to custom-header via kong-custom-plugin and send it to backe-end.
I tried several ways but could not get the actual Client IP.

Is there a way to know the actual client IP in the kong plugin or the back-end behind kong?

1. Env

  • Openstack VM
  • Kubernetes
  • Kong(1.3.0) with DB(postgresql) and Ingress(0.5.0)
  • stable chart

2. Try
ngx.var.remote_addr=10.220.5.1
ngx.var.realip_remote_addr=10.220.5.1
kong.client.get_ip()=10.220.5.1

real ip
cluster ip = 10.221.xx.xx
pod ip = 10.220.1.XX
real client ip = 10.25X.XX.XX

3. X-Forwarded-For
I found that request send client IP to back-end by “X-Forwarded-For” header.
However, X-Forwarded-For is a header value attached by ELB, and nginx and kong are simply forwarded.
kong.conf
real_ip_header = X-Forwarded-For
real_ip_recursive = on
trusted_ips = 0.0.0.0/0,::/0

Depending upon which Kubernetes distribution you are using, you might need to set ExternalTrafficPolicy:
https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip

Are you using a TCP load balancer or HTTP load balancer?

Thank you for your help but ExternalTrafficPolicy is supported only in GCE.

I do not use Load Balancer and GCE
I use kubernetes 1.15.0 and linux/amd64 openstack

“External Client requests” reaches “Back-End Service”(Pod on VM) through “Kong” (Pod on VM)
In normal case, which method do I use for getting client real ip?

How can I get the client real ip at kong plugin?

That depends on what is sitting in-front of Kong.
Is there anything between Kong and the client?
If not, then Kong should see the real header already.

Use the kong.client module to get the IP address of the client: https://docs.konghq.com/1.3.x/pdk/kong.client/

Wow! you are great!

I set ExternalTrafficPolicy on kong proxy.
When sending a request to kong from a Linux client, I found that it returned an abnormal IP address of the proxy server(? 168.xxx.xxx.xxx). I use proxy environment.
However, when the client requests from Windows, the client’s actual IP value is returned.
I have not figured out why Linux and Window return different IPs.
I gave up using the Linux client for development and decided to use Window.

Thank you again for the power of @hbaqdi.


© 2018 Kong Inc.    Terms  •  Privacy  •  FAQ