Configuring ProxyProtocol for Nginx Ingress on AWS
This post will quickly show you how to enable ProxyProtocol for your Nginx Ingress Controller on AWS.
- You’re using the `nginx-ingress` Helm Chart and are familiar with deploying to Kubernetes with Helm.
- The `service` type for Nginx is a CLB (Classic `LoadBalancer` - which is the default). As of Kubernetes 1.14, official docs still consider Network Load Balancers to be in Alpha.
All you need to do is add some configuration properties and a few annotations to your `service`. These can be toggled on/off even after a `LoadBalancer` has been created.
Some applications don’t work well with ProxyProtocol. Be careful.
In `values.yaml`, set these:

```yaml
controller:
  config:
    # use-forwarded-headers: "true"
    # compute-full-forwarded-for: "true"
    # be wary of k8s bug affecting cert-manager with ProxyProtocol
    # https://github.com/jetstack/cert-manager/issues/466
    use-proxy-protocol: "true"
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
```
These config properties are automatically injected into `ConfigMap NAME_OF_CHART-nginx-ingress-controller` in your controller’s namespace.
After deploying these changes, downstream applications will see source IPs.
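What the backend actually receives once the annotation is on, as an added example that is not part of the original post: a Classic Load Balancer prepends a PROXY protocol v1 text line to every TCP connection, and this minimal parser for that line shows both where the source IP comes from and why a listener that does not expect the header fails on the first bytes. The sample stream, addresses and function names are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest legal v1 header in bytes, CRLF included

# Constructed sample: first bytes of a connection as the backend receives them.
SAMPLE_STREAM = (
    b"PROXY TCP4 198.51.100.22 10.0.1.15 35646 80\r\n"
    b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

def _port(text):
    if not text.isdigit() or int(text) > 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)

def _addr(text, version):
    ip = ipaddress.ip_address(text)  # raises ValueError on garbage
    if ip.version != version:
        raise ValueError(f"address family mismatch: {text!r}")
    return str(ip)

def parse_proxy_v1(data):
    """Return (info, rest): info is a dict of addresses (None for UNKNOWN),
    rest is the payload after the header. Raises ValueError if the stream
    does not start with a well-formed PROXY v1 line."""
    if not data.startswith(b"PROXY "):
        raise ValueError("stream does not start with a PROXY v1 header")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("header not terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    info = {
        "client_ip": _addr(fields[2], version),
        "client_port": _port(fields[4]),
        "dest_ip": _addr(fields[3], version),
        "dest_port": _port(fields[5]),
    }
    return info, rest

if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE_STREAM))
```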