Hi,
I spent the better part of the day trying to enable proxy protocol so I can see where requests are coming from. Proxy protocol is enabled on the ELB via service annotation:
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
In the Kong proxy logs I can see the IPs of my EKS workers being reported. Log follows:
10.128.95.165 - - [09/Oct/2019:20:12:12 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.117.220 - - [09/Oct/2019:20:12:12 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.91.240 - - [09/Oct/2019:20:12:12 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.80.217 - - [09/Oct/2019:20:12:13 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.75.179 - - [09/Oct/2019:20:12:13 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.108.247 - - [09/Oct/2019:20:12:14 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.107.239 - - [09/Oct/2019:20:12:14 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.95.159 - - [09/Oct/2019:20:12:15 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.116.164 - - [09/Oct/2019:20:12:15 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.95.165 - - [09/Oct/2019:20:12:15 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.76.72 - - [09/Oct/2019:20:12:16 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.117.220 - - [09/Oct/2019:20:12:16 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.91.240 - - [09/Oct/2019:20:12:17 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.80.217 - - [09/Oct/2019:20:12:17 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.95.159 - - [09/Oct/2019:20:12:18 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.108.247 - - [09/Oct/2019:20:12:18 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.74.173 - - [09/Oct/2019:20:12:18 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.107.239 - - [09/Oct/2019:20:12:19 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.95.165 - - [09/Oct/2019:20:12:19 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.108.247 - - [09/Oct/2019:20:12:20 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.91.240 - - [09/Oct/2019:20:12:20 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.80.217 - - [09/Oct/2019:20:12:21 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.107.239 - - [09/Oct/2019:20:12:21 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.108.247 - - [09/Oct/2019:20:12:22 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.116.164 - - [09/Oct/2019:20:12:22 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.74.238 - - [09/Oct/2019:20:12:23 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.95.159 - - [09/Oct/2019:20:12:23 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.117.220 - - [09/Oct/2019:20:12:23 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.75.179 - - [09/Oct/2019:20:12:24 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
10.128.76.72 - - [09/Oct/2019:20:12:24 +0000] "GET /ready HTTP/1.1" 200 16 "-" "curl/7.29.0"
^C
Kong is configured via environment variables as part of the Kong ingress Helm chart:
- name: KONG_REAL_IP_HEADER
  value: proxy_protocol
- name: KONG_REAL_IP_RECURSIVE
  value: "on"
- name: KONG_ADMIN_LISTEN
  value: 0.0.0.0:8444
- name: KONG_PROXY_LISTEN
  value: 0.0.0.0:8000 proxy_protocol,0.0.0.0:8443 proxy_protocol ssl
- name: KONG_NGINX_DAEMON
  value: "off"
Is it possible to see the real source IP of the client?
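
Added example, not part of the original post and not Kong's own code: a small model of how a listener that accepts PROXY protocol v1 picks the address it logs, taking the source from the header only when the connecting peer is on a trust list (the role Kong's `trusted_ips` setting plays). The trusted network, the function names and the sample headers are constructed assumptions.

```python
import ipaddress

# Assumption: networks allowed to assert a client address (the load balancer side).
# 10.128.0.0/16 is a constructed value that covers the addresses in the log above.
TRUSTED_PEERS = [ipaddress.ip_network("10.128.0.0/16")]


def parse_proxy_v1(line: bytes):
    """Parse a PROXY protocol v1 header; return (src_ip, src_port) or None for UNKNOWN."""
    if not line.endswith(b"\r\n") or len(line) > 107:
        raise ValueError("header must end in CRLF and be at most 107 bytes")
    parts = line[:-2].decode("ascii").split(" ")
    if parts[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if len(parts) >= 2 and parts[1] == "UNKNOWN":
        return None  # proxy could not determine the source; caller keeps the peer
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    family = 4 if parts[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match protocol field")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport


def resolve_client_ip(peer_ip: str, first_line: bytes, trusted=TRUSTED_PEERS) -> str:
    """Return the address to log: the PROXY source only when the peer is trusted."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return peer_ip  # untrusted peer: ignore whatever address it claims
    parsed = parse_proxy_v1(first_line)
    return parsed[0] if parsed else peer_ip


if __name__ == "__main__":
    # Constructed sample: 203.0.113.7 stands in for an external client.
    header = b"PROXY TCP4 203.0.113.7 10.128.95.165 51234 8000\r\n"
    print(resolve_client_ip("10.128.95.165", header))  # trusted peer
    print(resolve_client_ip("198.51.100.9", header))   # untrusted peer
```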