Forwarding Client Connection Info in Your DigitalOcean Kubernetes Setup with PROXY Protocol
In this blog post, we’ll enable the PROXY protocol on DigitalOcean's LoadBalancer and on ingress-nginx so that the real client IP address is forwarded to the cluster.
Having the client IP is crucial for scenarios such as IP-based geolocation or access restriction based on IP.
Let’s dive into the details! 🌊🪸
⚠️ I assume you already have an Ingress NGINX Controller installed and running.
Enable PROXY protocol on the Ingress NGINX Controller
First, we need to edit the ConfigMap:
kubectl edit configmap ingress-nginx-controller
Under data, add use-proxy-protocol and set it to "true".
This will allow the Ingress NGINX Controller to parse the PROXY protocol header.
apiVersion: v1
data:
  use-proxy-protocol: "true"
⚠️ Notice: this is a string and NOT a boolean 😮
Enable PROXY protocol on the LoadBalancer
Lastly, we need to edit the Ingress NGINX Controller service, where we specifically enable the PROXY protocol on the DigitalOcean LoadBalancer, so it will pass the real client IP:
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
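What the LoadBalancer prepends and the controller then parses, as an added Python example that is not from the original post or from ingress-nginx. It assumes the version 1 (text) form of the PROXY protocol header; the function name and the sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

# Constructed samples: the first bytes of a connection as the backend sees them.
SAMPLE_WITH_HEADER = (b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n"
                      b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
SAMPLE_WITHOUT_HEADER = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def parse_proxy_v1(data: bytes):
    """Return (client_info, remaining_payload) for a PROXY v1 prefixed stream.

    client_info is None for 'PROXY UNKNOWN'. Raises ValueError when the
    header is missing or malformed, which is the case when only one side
    (LoadBalancer or controller) has the PROXY protocol enabled.
    """
    if not data.startswith(b"PROXY "):
        raise ValueError("no PROXY v1 header at start of connection")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("PROXY header not terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, payload  # sender could not determine the client address
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match protocol field")
    src_port, dst_port = (int(f) for f in fields[4:6])
    if not (0 <= src_port <= 65535 and 0 <= dst_port <= 65535):
        raise ValueError("port out of range")
    info = {"client_ip": str(src), "client_port": src_port,
            "dst_ip": str(dst), "dst_port": dst_port}
    return info, payload


if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE_WITH_HEADER)[0])
```

The header is taken on trust from whatever opens the connection, so the controller should only be reachable through the LoadBalancer once use-proxy-protocol is on.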