I'm currently working on configuring my API Gateway, specifically Apisix in an OVH managed cluster, which I've deployed via Helm, to ensure that it forwards the real client IP addresses instead of the IP of the load balancer.
I found a tutorial for achieving this with a random Nginx controller here. However, I'm unsure about how to implement the same functionality with Apisix.
I noticed there's a real-ip plugin available for Apisix. Would configuring the annotation along with this plugin be sufficient for achieving the desired behavior? If not, what additional steps or configurations would be necessary to ensure Apisix forwards the real client IP addresses?
Thank you for any assistance or guidance provided.
After meddling around a bit, here is the way to achieve a real-ip setup with apisix on Kubernetes in an OVH cluster.
apisix-gateway
) in your Kubernetes cluster:metadata:
annotations:
service.beta.kubernetes.io/ovh-loadbalancer-proxy-protocol: "v2"
spec:
externalTrafficPolicy: Local
With this annotation, all traffic routed to your Apisix gateway will be wrapped by the proxy protocol.
configmap
object named "apisix":apisix:
node_listen:
- 9081
proxy_protocol:
listen_http_port: 9080
listen_https_port: 9443
enable_tcp_pp: true
enable_tcp_pp_to_upstream: true
ssl:
enable: true
listen:
- port: 9444
{"source":"proxy_protocol_addr","_meta":{"disable":false}}
By following these steps, you'll be able to capture the real IP behind the OVH Kubernetes load balancer effectively.