Hi I'm trying to get client real-ip to restrict some access at pod on kubernetes environemnt
Checkout the properties for "real IP" determining (https://docs.konghq.com/2.1.x/configuration/#trusted_ips):
- trusted_ips
- real_ip_header
- real_ip_recursive
This might also of interest: https://github.com/Kong/kong/pull/5861
You need to specify the traffic policy on the kong-proxy service
spec:... selector: app: ingress-kong type: LoadBalancer externalTrafficPolicy: Local
And you may need to add one or both of the following environment variables to the kong container
- name: KONG_TRUSTED_IPS value: 0.0.0.0/0,::/0- name: KONG_REAL_IP_RECURSIVE value: "on"
I got this working with a k3s instance.
There are detailed information about the issues with the source-ip in "bare metal considerations for k8s" on the k8s documentation and "preserving client ip addresses" in kong docs. They contain too many details to briefly summarize.