Hi
I am running kubernetes with kong as the ingress controller. I am trying to use the ip-restriction plugin however, that is not working since Kong is not getting the client IP from the AWS ELB.
Kong ingress controller version: 0.4.0
Kong version: 1.1
This is my kong configuration
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kong
namespace: kong
spec:
template:
metadata:
labels:
name: kong
app: kong
spec:
initContainers:
# hack to verify that the DB is up to date or not
# TODO remove this for Kong >= 0.15.0
- name: wait-for-migrations
image: kong:1.1
command: [ "/bin/sh", "-c", "kong migrations list" ]
env:
- name: KONG_ADMIN_LISTEN
value: 'off'
- name: KONG_PROXY_LISTEN
value: 'off'
- name: KONG_PROXY_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_ADMIN_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_PROXY_ERROR_LOG
value: "/dev/stderr"
- name: KONG_ADMIN_ERROR_LOG
value: "/dev/stderr"
- name: KONG_PG_HOST
value: postgres
- name: KONG_PG_PASSWORD
value: kong
containers:
- name: kong-proxy
image: kong:1.1
env:
- name: KONG_PG_PASSWORD
value: kong
- name: KONG_PG_HOST
value: postgres
- name: KONG_PROXY_ACCESS_LOG
value: "/dev/stdout"
- name: KONG_PROXY_ERROR_LOG
value: "/dev/stderr"
- name: KONG_ADMIN_LISTEN
value: 'off'
- name: KONG_REAL_IP_HEADER
value: 'X-Forwarded-For'
- name: KONG_TRUSTED_IPS
value: '0.0.0.0/0,::/0'
- name: KONG_REAL_IP_RECURSIVE
value: 'on'
ports:
- name: proxy
containerPort: 8000
protocol: TCP
- name: proxy-ssl
containerPort: 8443
protocol: TCP
I’ve followed everything mentioned in the following discussion: Can not get client real ip in kubernetes on AWS ELB however, kong is still getting the internal VPC IP rather than the client’s public IP. Not sure if anyone has any idea why this could be happening?