I have an EKS cluster version 1.30 with ingress nginx controller (v4.10.0) and ALB controller (v1.8.1).
Nginx uses a LoadBalancer Service which uses an NLB in "ip" mode.

    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: true

I want to enable proxy protocol v2 on the NLB without setting externalTrafficPolicy to Local.
I tried adding the following annotations to the Service:

    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: true
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"

and also added the following to the Nginx ConfigMap configuration:

    use-proxy-protocol: "true"

With this, Nginx starts emitting weird logs like:

    127.0.0.1 - - [24/Jul/2024:14:00:32 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 3b3e2a7e7853f870e78ebff653b7b6e7

and the traffic doesn't reach the controller.
Any suggestions?

I have already tried the annotations reported in your link, and my NLB does not terminate SSL connections but the Ingress Controller does.

It's the NLB health check that breaks as soon as you activate the proxy protocol.
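
To check what a listener actually receives once proxy protocol v2 is turned on at the NLB, the following added example (not part of the original thread) parses a PROXY protocol v2 header from the first bytes of a connection and classifies what follows it. The sample bytes, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 12-byte PROXY protocol v2 signature; note the NUL byte after two CRLFs.
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"

def parse_pp2(data: bytes):
    """Return header fields, or None when data does not start with the v2 signature."""
    if not data.startswith(PP2_SIGNATURE):
        return None
    if len(data) < 16:
        raise ValueError("truncated PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F not in (0, 1):
        raise ValueError("bad version/command byte")
    body = data[16:16 + length]
    if len(body) < length:
        raise ValueError("truncated address block")
    info = {"command": "PROXY" if ver_cmd & 0x0F == 1 else "LOCAL",
            "header_len": 16 + length, "src": None, "dst": None}
    family = fam_proto >> 4              # 1 = IPv4, 2 = IPv6
    if info["command"] == "PROXY" and family in (1, 2):
        alen = 4 if family == 1 else 16
        if length < 2 * alen + 4:
            raise ValueError("address block too short for family")
        sport, dport = struct.unpack("!HH", body[2 * alen:2 * alen + 4])
        info["src"] = (str(ipaddress.ip_address(body[:alen])), sport)
        info["dst"] = (str(ipaddress.ip_address(body[alen:2 * alen])), dport)
    return info

def classify(first_bytes: bytes) -> str:
    """Rough label for the first bytes seen on a connection."""
    if first_bytes.startswith(PP2_SIGNATURE):
        return "proxy-v2"
    if first_bytes.startswith(b"PROXY "):
        return "proxy-v1"
    if first_bytes[:1] == b"\x16":       # TLS handshake record type
        return "tls"
    return "other"

# Constructed sample: v2 header (PROXY command, TCP over IPv4) followed by a TLS record start.
SAMPLE = (PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, 12)
          + ipaddress.ip_address("203.0.113.7").packed
          + ipaddress.ip_address("10.0.1.20").packed
          + struct.pack("!HH", 51234, 443) + b"\x16\x03\x01")

if __name__ == "__main__":
    hdr = parse_pp2(SAMPLE)
    print(hdr, classify(SAMPLE[hdr["header_len"]:]))
```

Feeding it the first bytes of a captured connection on the controller's port shows whether the header is present and which client address it carries.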