I am using L4 Nginx Loadbalancer to Kubernetes Cluster nodes with Stream configuration in Nginx.

Problem is that all Ingress resources got remote_ip from localhost

  • x-forwarded-for=127.0.0.1
  • x-real-ip=127.0.0.1

How to fix?

  1. You have to edit global ingress config in ConfigMap named nginx-configuration and set use-proxy-protocol=true
  2. After that, you have to modify nginx.conf on the LoadBalancer and add proxy_protocol on; after listen 443; and run nginx -s reload
Global Ingress Config Map

Now you can see real remote_addr IP address.

nginx.conf

worker_processes 2;
worker_rlimit_nofile 20000;

events {
    worker_connections 4096;
}

stream {
    upstream rancher_servers {
        least_conn;
        server IP_NODE_1:443 max_fails=3 fail_timeout=5s;
        server IP_NODE_2:443 max_fails=3 fail_timeout=5s;
        server IP_NODE_3:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen     443;
        proxy_protocol        on;
        proxy_pass rancher_servers;
    }

	upstream rancher_servers_http {
        least_conn;
        server IP_NODE_1:80 max_fails=3 fail_timeout=5s;
        server IP_NODE_2:80 max_fails=3 fail_timeout=5s;
        server IP_NODE_3:80 max_fails=3 fail_timeout=5s;
    }
    server {
        listen     80;
        proxy_protocol        on;
        proxy_pass rancher_servers_http;
    }
}

You can generate this config file with Terraform