Hi
I am running kubernetes with kong as the ingress controller. I am trying to use the ip-restriction plugin however, that is not working since Kong is not getting the client IP from the AWS ELB.
Kong ingress controller version: 0.4.0
Kong version: 1.1
This is my kong configuration
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kong
namespace: kong
spec:
template:
metadata:
labels:
name: kong
app: kong
spec:
initContainers:
# hack to verify that the DB is up to date or not
# TODO remove this for Kong >= 0.15.0
- name: wait-for-migrations
image: kong:1.1
command: [ "/bin/sh", "-c", "kong migrations list" ]
env:
- name: KONG_ADMIN_LISTEN
value: 'off'
- name: KONG_PROXY_LISTEN
value: 'off'
- name: KONG_PROXY_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_ADMIN_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_PROXY_ERROR_LOG
value: "/dev/stderr"
- name: KONG_ADMIN_ERROR_LOG
value: "/dev/stderr"
- name: KONG_PG_HOST
value: postgres
- name: KONG_PG_PASSWORD
value: kong
containers:
- name: kong-proxy
image: kong:1.1
env:
- name: KONG_PG_PASSWORD
value: kong
- name: KONG_PG_HOST
value: postgres
- name: KONG_PROXY_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_PROXY_ERROR_LOG
value: "/dev/stderr"
- name: KONG_ADMIN_LISTEN
value: 'off'
- name: KONG_REAL_IP_HEADER
value: 'X-Forwarded-For'
- name: KONG_TRUSTED_IPS
value: '0.0.0.0/0,::/0'
- name: KONG_REAL_IP_RECURSIVE
value: 'on'
ports:
- name: proxy
containerPort: 8000
protocol: TCP
- name: proxy-ssl
containerPort: 8443
protocol: TCP
I’ve followed everything mentioned in the following discussion: Can not get client real ip in kubernetes on AWS ELB - #6 by abenitovsc however, kong is still getting the internal VPC IP rather than the client’s public IP. Not sure if anyone has any idea why this could be happening?
