Closed
Description
This is a question.
How can I get the client's IP address from inside my container?
I'm printing the requests that arrive at my container:

```
POST /shared/login HTTP/1.1
Host: primeratest.REDACTED.co
Accept-Encoding: gzip
Content-Length: 364
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.8.1
X-B3-Sampled: 1
X-B3-Spanid: 5dc565d1235a089c
X-B3-Traceid: 5dc565d1235a089c
X-Envoy-Internal: true
X-Forwarded-For: 10.xxx.0.4 // this is an internal IP
X-Forwarded-Proto: https
X-Request-Id: e78ed2dc-9eb8-934b-b311-75e1bce9869
```

I have a gateway and a VirtualService:

```yaml
---
kind: Service
apiVersion: v1
metadata:
  name: api
  labels:
    app: api
spec:
  selector:
    app: api
  ports:
  - port: 5000
    protocol: TCP
    targetPort: 5000
    name: http
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: api-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - "primeratest.redacted.co"
  - port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true
    hosts:
    - "primeratest.redacted.co"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api
spec:
  hosts:
  - "primeratest.redacted.co"
  gateways:
  - api-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: api
        port:
          number: 5000
```

Activity
dermyrddin commented on Aug 3, 2018
Just met the same issue.
Found some suggestions for adding "use_remote_address": true to envoy config but can't figure out how to do that...
facundomedica commented on Aug 3, 2018
I found exactly the same, but I think that that's something internal, I don't know how to access it either
ijsnellf commented on Aug 3, 2018
cc @rshriram
facundomedica commented on Aug 3, 2018
One solution could be to use Cloudflare as a proxy, which adds some useful headers and also adds the client's IP to the x-forwarded-for header.
dermyrddin commented on Aug 4, 2018
Unfortunately, I can't use Cloudflare
swistaczek commented on Oct 4, 2018
Is there any solution for this problem?
dermyrddin commented on Oct 4, 2018
@swistaczek you can use NLB instead of ELB #8337
But there is an issue in K8S if you run several clusters in the same AWS region kubernetes/kubernetes#69264
Title changed from "Get the IP address from the client" to "Get the IP address of the client"
facundomedica commented on Oct 4, 2018
I've changed the issue's title to make it more clear
Dagon- commented on Oct 12, 2018
I'm just running into this as well. According to this: #7679
Setting externalTrafficPolicy: Local in the ingress-gateway service will cause the real client IP to be passed through. That's causing connectivity issues for me though.
jonasdkhansen commented on Oct 23, 2018
I also have this problem. I have a GKE cluster, and I'm using the istio ingress as loadbalancer from outside, and sending the traffic to a simple nginx pod. But the nginx is getting the internal istio ingress IP, and not the real user's IP.
jonasdkhansen commented on Oct 23, 2018
I got it working by adding externalTrafficPolicy: Local to the istio-ingressgateway service, and then in my nginx conf I added a header with $http_x_forwarded_for :)
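
The comments above end up reading X-Forwarded-For in the application once externalTrafficPolicy: Local lets the gateway see the real source address. The following is an added example, not part of the original thread: it parses that header without trusting client-supplied entries by walking the list right to left and skipping hops inside trusted ranges. The function names, the trusted CIDR list and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: ranges of hops we operate ourselves (pods/nodes and the local
# sidecar). Constructed values; replace with the cluster's real CIDRs.
TRUSTED_PROXIES = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "127.0.0.0/8")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client address as a string, or None if it cannot be known.

    peer_addr  -- source address of the TCP connection the app accepted
    xff_header -- raw X-Forwarded-For value (may be None)
    """
    peer = ipaddress.ip_address(peer_addr)
    # If the direct peer is not one of our proxies, the header is entirely
    # sender-controlled: ignore it and use the socket address.
    if not _is_trusted(peer, trusted):
        return str(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Each proxy appends on the right, so the rightmost non-proxy entry is the
    # last address one of our own hops actually observed.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing to its left can be trusted
        if not _is_trusted(addr, trusted):
            return str(addr)
    # Only internal hops were recorded, as in the request dump in the question.
    return None


if __name__ == "__main__":
    samples = [  # constructed (peer, header) pairs
        ("127.0.0.1", "10.128.0.4"),              # source NAT hid the client
        ("127.0.0.1", "203.0.113.7"),             # gateway saw the real client
        ("127.0.0.1", "192.0.2.1, 203.0.113.7"),  # client sent its own XFF
    ]
    for peer, xff in samples:
        print(f"{xff!r:32} -> {client_ip(peer, xff)}")
```

A None result means the header only contains internal hops, which is the symptom reported at the top of this issue.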
jaepyoung commented on Oct 24, 2018
I have one container of node.js and it is not getting client ip. I am using EKS. Is there any workaround to fix this issue? externalTrafficPolicy: Local doesn't work for me. Do I need to set up another thing?
songrgg commented on Nov 29, 2018
Thanks, externalTrafficPolicy: Local works for me, I hosted Kubernetes on Tencent Cloud.