proxy protocol needs to be assigned to backend servers
teemow opened this issue · 0 comments
teemow commented
there is already a proxy protocol policy created for the ingress elb, but this also needs to be attached to the backend server.
aws-operator/resources/aws/elb.go
Line 166 in b7eec91
to do this manually with the cli:
aws elb set-load-balancer-policies-for-backend-server --load-balancer-name <clusterid>-ingress --instance-port 30010 --policy-names <clusterid>-ingress-proxy-protocol-policy
aws elb set-load-balancer-policies-for-backend-server --load-balancer-name <clusterid>-ingress --instance-port 30011 --policy-names <clusterid>-ingress-proxy-protocol-policy
the ingress controller then needs to be configured with use-proxy-protocol: "true" in the ingress-nginx configmap.
result will be that the services behind elb and ingress still see the clients ip addresses.