Services in OCI Kubernetes behind an OCI LB do not receive proper X-Forwarded-For or X-Real-Ip.
x-forwarded-for and x-real-ip are purely 10.0.20.104, an IP which I can't find configured anywhere. I believe it's the internal IP of the LB.
x-forwarded-host, x-forwarded-port, x-forwarded-proto/scheme all work correctly, showing the host I configured in the ingress.
With proxy protocol enabled, both headers start working as expected, but then cert-bot breaks because it can't self-check anymore...
service.beta.kubernetes.io/oci-load-balancer-backend-protocol: "http"
is also not ok, as it breaks https...
So for the LB I am doing:
externalTrafficPolicy: Local
service.beta.kubernetes.io/oci-load-balancer-shape: "flexible"
service.beta.kubernetes.io/oci-load-balancer-shape-flex-min: "10"
service.beta.kubernetes.io/oci-load-balancer-shape-flex-max: "100"
service.beta.kubernetes.io/oci-load-balancer-backend-protocol: "TCP"