Kong Ingress Real IP AWS ELB Not Working

Hi

I am running kubernetes with kong as the ingress controller. I am trying to use the ip-restriction plugin however, that is not working since Kong is not getting the client IP from the AWS ELB.
Kong ingress controller version: 0.4.0
Kong version: 1.1

This is my kong configuration

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kong
  namespace: kong
spec:
  template:
    metadata:
      labels:
        name: kong
        app: kong
    spec:
      initContainers:
        # hack to verify that the DB is up to date or not
        # TODO remove this for Kong >= 0.15.0
        - name: wait-for-migrations
          image: kong:1.1
          command: [ "/bin/sh", "-c", "kong migrations list" ]
          env:
            - name: KONG_ADMIN_LISTEN
              value: 'off'
            - name: KONG_PROXY_LISTEN
              value: 'off'
            - name: KONG_PROXY_ACCESS_LOG
              value: "/dev/stdout"
            - name: KONG_ADMIN_ACCESS_LOG
              value: "/dev/stdout"
            - name: KONG_PROXY_ERROR_LOG
              value: "/dev/stderr"
            - name: KONG_ADMIN_ERROR_LOG
              value: "/dev/stderr"
            - name: KONG_PG_HOST
              value: postgres
            - name: KONG_PG_PASSWORD
              value: kong
      containers:
        - name: kong-proxy
          image: kong:1.1
          env:
            - name: KONG_PG_PASSWORD
              value: kong
            - name: KONG_PG_HOST
              value: postgres
            - name: KONG_PROXY_ACCESS_LOG
              value: "/dev/stdout"
            - name: KONG_PROXY_ERROR_LOG
              value: "/dev/stderr"
            - name: KONG_ADMIN_LISTEN
              value: 'off'
            - name: KONG_REAL_IP_HEADER
              value: 'X-Forwarded-For'
            - name: KONG_TRUSTED_IPS
              value: '0.0.0.0/0,::/0'
            - name: KONG_REAL_IP_RECURSIVE
              value: 'on'
          ports:
            - name: proxy
              containerPort: 8000
              protocol: TCP
            - name: proxy-ssl
              containerPort: 8443
              protocol: TCP

I’ve followed everything mentioned in the following discussion: Can not get client real ip in kubernetes on AWS ELB however, kong is still getting the internal VPC IP rather than the client’s public IP. Not sure if anyone has any idea why this could be happening?

If you are terminating L4/TCP at ELB, then you will need to proxy-protcol.

If you are terminating HTTP/L7 at ELB, then the above should work.

1 Like

Got it, I was using L4/TCP at ELB. :sweat_smile:


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ