1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
2
Hi,
To make it work, you need to have proxy protocol enabled on your NLB and have the appropriate configuration in ingress-nginx.
Here is an example of ingress-nginx, it expects that you have aws-load-balancer controller installed in your cluster.
controller:
config:
use-proxy-protocol: "true"
real-ip-header: "proxy_protocol"
use-forwarded-headers: "true"
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-type: "external"
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
It's only relevant parts, and there are more options to configure.
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a un an
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
This worked like a charm, Thanks Dmytro Sirant.
Just to Add, my nginx ingress controller was using configmap so following was added to the DATA Part:
data: allow-snippet-annotations: "true" real-ip-header: proxy_protocol use-forwarded-headers: "true" use-proxy-protocol: "true"
After which i needed to update my NLB setting. Since it was deployed through an EKS service Object, updating annotations enabled the proxy protocol:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
The Order in which these things were updated is needed, and also During this exercise I observed the TLS termination to Fail for couple of minutes. So just a headsup for anyone who is applying the above with Live Traffic on workloads.
Just to reiterate, your answer is precisely what was needed. Thanks Again Dmytro.