1 Answer
Hi,
To make it work, you need to have proxy protocol enabled on your NLB and have the appropriate configuration in ingress-nginx.
Here is an example for ingress-nginx; it expects that you have aws-load-balancer controller installed in your cluster.

controller:
  config:
    use-proxy-protocol: "true"
    real-ip-header: "proxy_protocol"
    use-forwarded-headers: "true"
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
      service.beta.kubernetes.io/aws-load-balancer-type: "external"
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp

These are only the relevant parts, and there are more options to configure.
This worked like a charm, thanks Dmytro Sirant.
Just to add, my nginx ingress controller was using a ConfigMap, so the following was added to the data part:

data:
  allow-snippet-annotations: "true"
  real-ip-header: proxy_protocol
  use-forwarded-headers: "true"
  use-proxy-protocol: "true"

After which I needed to update my NLB setting. Since it was deployed through an EKS Service object, updating annotations enabled the proxy protocol:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
The order in which these things were updated is needed, and during this exercise I also observed the TLS termination fail for a couple of minutes. So just a heads-up for anyone who is applying the above with live traffic on workloads.
Just to reiterate, your answer is precisely what was needed. Thanks again Dmytro.
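
Added example (not part of the answer or the comment above, and not ingress-nginx code): a minimal parser for the PROXY protocol v2 header that the NLB prepends to each connection once proxy protocol is enabled, showing where the client IP comes from and why a connection breaks while only one side has the setting. The addresses and TLS bytes are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # opens every PROXY v2 header
TLS_HELLO = b"\x16\x03\x01\x02\x00"  # constructed start of a TLS handshake record


def parse_proxy_v2(data: bytes):
    """Return (client_ip, client_port, remaining_bytes) from a PROXY v2 stream.

    Raises ValueError when the stream does not begin with a valid header.
    """
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("stream does not start with a PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY v2 header")
    body, rest = data[16:16 + length], data[16 + length:]
    if ver_cmd & 0x0F == 0:  # LOCAL command: carries no client address
        return None, None, rest
    family = fam_proto >> 4
    if family == 1 and length >= 12:  # AF_INET: src(4) dst(4) sport(2) dport(2)
        src, sport = body[:4], body[8:10]
    elif family == 2 and length >= 36:  # AF_INET6: src(16) dst(16) ports
        src, sport = body[:16], body[32:34]
    else:
        raise ValueError("unsupported address family")
    return str(ipaddress.ip_address(src)), int.from_bytes(sport, "big"), rest


def sample_header() -> bytes:
    """Constructed header: client 203.0.113.7:51234 to target 10.0.1.20:443."""
    body = (ipaddress.ip_address("203.0.113.7").packed
            + ipaddress.ip_address("10.0.1.20").packed
            + struct.pack("!HH", 51234, 443))
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body


def looks_like_tls(data: bytes) -> bool:
    """A listener without use-proxy-protocol expects a TLS record (0x16) first."""
    return data[:1] == b"\x16"


if __name__ == "__main__":
    stream = sample_header() + TLS_HELLO
    print("both sides enabled:", parse_proxy_v2(stream)[:2])
    print("NLB only, listener sees TLS first?", looks_like_tls(stream))
    try:
        parse_proxy_v2(TLS_HELLO)
    except ValueError as exc:
        print("nginx only:", exc)
```

With real-ip-header set to proxy_protocol, the address parsed from this header is what nginx records as the client IP, so the listener should be reachable only through the NLB.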