I've set up a K3S Kubernetes Environment in my private Home-Lab on Raspberry PIs in order to teach myself some Kubernetes (Noob-Alert), using NGINX as Ingress Controller and I'm kind of stuck at passing the real IP of requests to the target Pods, in my case a Nextcloud instance. The Version of K3S is v1.22.5+k3s1.
The K3S was set up using Docker as container runtime and with the --no-deploy traefik option.
After that I deployed the NGINX Ingress Controller using
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml
Then, after deploying the Nextcloud pods, I deployed the Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- my.own-dns.org
secretName: very-secret-ssl-secret
ingressClassName: nginx
rules:
- host: my.own-dns.org
http:
paths:
- path: /somepath
pathType: Prefix
backend:
service:
name: someservice-service
port:
number: 8081
- path: /
pathType: Prefix
backend:
service:
name: nextcloud-service
port:
number: 80
In the deployment of the IngressController, I added the following entries in the ConfigMap:
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: ingress-nginx-4.0.10
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 1.1.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
data:
allow-snippet-annotations: 'true'
compute-full-forwarded-for: 'true'
use-forwarded-headers: 'true'
enable-real-ip: 'true'
proxy-add-original-uri-header: 'true'
forwarded-for-header: 'X-Forwarded-For'
and changed the ServiceType from the http service to LoadBalancer, so my Service of the IngressController looks like this:
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
helm.sh/chart: ingress-nginx-4.0.10
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 1.1.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
ipFamilyPolicy: SingleStack
ipFamilies:
- IPv4
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
appProtocol: http
- name: https
port: 443
protocol: TCP
targetPort: https
appProtocol: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
So far so good, accessing the Nextcloud Instance from the Internet working great, including redirection to https, etc. But the Nextcloud Audit Log is only getting an internal Cluster IP as Source IP (surprisingly no IP from any Service I am running inside the Cluster), not the real from the outer world.
So what am I missing? I tried setting use-proxy-protocol to true, but this results in a ERR_CONNECTION_RESET.
