
How to preserve Client IP Address with GKE Ingress controller on Kubernetes?


I would like to catch the Client IP Address inside my .NET application running behind GKE Ingress Controller to ensure that the client is permitted.

var requestIpAddress = request.HttpContext.Connection.RemoteIpAddress.MapToIPv4();

Instead of getting the Client IP Address I get my GKE Ingress IP Address, because the Ingress applies some forwarding rule.

The GKE Ingress controller is pointing to the Kubernetes service of type NodePort.

I have tried to add a spec to the NodePort service to preserve the Client IP Address but it doesn't help. It is because the NodePort service is also running behind the Ingress.

externalTrafficPolicy: Local

Is it possible to preserve Client IP Address with GKE Ingress controller on Kubernetes?

NodePort Service for Ingress:

apiVersion: v1
kind: Service
metadata:
  name: api-ingress-service
  labels:
    app/name: ingress.api
spec:
  type: NodePort
  externalTrafficPolicy: Local
  selector:
    app/template: api
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: http

Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  labels:
    kind: ingress
    app: ingress
  annotations:
    networking.gke.io/v1beta1.FrontendConfig: frontend-config
spec:
  tls:
  - hosts:
    - '*.mydomain.com'
    secretName: tls-secret
  rules:
  - host: mydomain.com
    http:
      paths:
      - path: /*
        pathType: ImplementationSpecific
        backend:
          service:
            name: api-ingress-service
            port:
              number: 80

Solution

  • Posted community wiki for better visibility. Feel free to expand it.


    Currently the only way to get the client source IP address in GKE Ingress is to use the X-Forwarded-For header. It's a known limitation for all GCP HTTP(S) Load Balancers (GKE Ingress is using an External HTTP(S) LB).

    If it does not suit your needs, consider migrating to a third-party Ingress Controller which is using an external TCP/UDP network LoadBalancer, like NGINX Ingress Controller.
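
Since the question uses the address for a permission check, which X-Forwarded-For entry is read matters. The helper below is an added example, not part of the original answer: it assumes the documented behaviour of the external HTTP(S) load balancer, which appends `<client-ip>,<load-balancer-ip>` to whatever header value the request already carried. The class and method names and the sample addresses are constructed for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Net;

public static class ForwardedClientIp
{
    // Returns the address the load balancer saw as its TCP peer, or null when
    // the header lacks the expected "<client-ip>,<load-balancer-ip>" tail.
    public static IPAddress? FromXForwardedFor(string? headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return null;

        string[] parts = headerValue.Split(',', StringSplitOptions.TrimEntries);
        if (parts.Length < 2) return null;

        // The last two entries are appended by the load balancer. Anything to
        // their left arrived with the request and is caller-controlled, so the
        // leftmost entry must never drive an access decision.
        return IPAddress.TryParse(parts[^2], out IPAddress? ip) ? ip : null;
    }

    public static bool IsPermitted(string? headerValue, ISet<IPAddress> allowed)
    {
        IPAddress? ip = FromXForwardedFor(headerValue);
        if (ip is null) return false;                  // fail closed
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
        return allowed.Contains(ip);
    }

    public static void Main()
    {
        // Constructed allowlist and header values (documentation address ranges).
        var allowed = new HashSet<IPAddress> { IPAddress.Parse("203.0.113.7") };

        // Permitted client, header written only by the load balancer.
        Console.WriteLine(IsPermitted("203.0.113.7, 198.51.100.10", allowed));
        // Client 192.0.2.44 sent its own "X-Forwarded-For: 203.0.113.7".
        Console.WriteLine(IsPermitted("203.0.113.7, 192.0.2.44, 198.51.100.10", allowed));
        // Header without the load balancer's tail: rejected.
        Console.WriteLine(IsPermitted("203.0.113.7", allowed));
    }
}
```

In the application the header value would come from `request.Headers["X-Forwarded-For"].ToString()`. The result is only trustworthy when the pods cannot be reached by any path that bypasses the load balancer.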