Proxy Protocol - Forward Source IP

less than a minute

With the default configuration of the Ingress Controller and OpenStack load balancer, all external web requests from the Kubernetes cluster come from the internal IP of the load balancer.

If the external IP is required within the Kubernetes cluster, the so-called proxy protocol must be activated.

Warning

If the proxy protocol is activated, the Ingress can no longer be accessed from within the cluster!

Example NGINX Ingress Controller

The following lines must be added to the ConfigMap of the Ingress Controller:

use-proxy-protocol: "true"
use-forwarded-headers: "true"

In addition, an annotation must be added to the associated load balancer service for the NGINX Ingress Controller:

apiVersion: v1
kind: Service
metadata:
  annotations:
    loadbalancer.openstack.org/proxy-protocol: "true"

Now applications within the Kubernetes cluster can view the external IP address of external web requests.

Last modified 22.04.2024: Revert "Adding Keycloac documentation" (6ebe5a3)