
Keep Source IP

You can preserve the client source IP by setting the annotation ingress.appscode.com/keep-source-ip to "true".

For LoadBalancer type ingresses, the actual configuration generated depends on the underlying cloud provider.

  • GCE, GKE, Azure, ACS: Sets ExternalTrafficPolicy to Local for the services used to expose HAProxy.
  • AWS: Enables accept-proxy, which enforces the use of the PROXY protocol over any connection accepted by any of the sockets declared on the same line.

For NodePort type ingresses, it sets ExternalTrafficPolicy to Local regardless of the cloud provider.

Ingress Example

apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: default
  annotations:
    ingress.appscode.com/keep-source-ip: "true"
    ingress.appscode.com/health-check-nodeport: "32312"
spec:
  rules:
  - host: voyager.appscode.test
    http:
      paths:
      - path: /foo
        backend:
          service:
            name: test-server
            port:
              number: 80

Here the health-check-nodeport annotation specifies the HealthCheckNodePort field for the services used to expose HAProxy. If it is not specified, Kubernetes assigns the port automatically. Note that it is only effective when keep-source-ip is true and the ingress type is LoadBalancer.


NB: Kubernetes support for AWS NLB is limited as of the 1.11.x release. Check kubernetes/features#423 for NLB support status.

The service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" annotation is not supported for AWS NLB as of the 1.11.x release. At this time, the proxy protocol attribute needs to be set on the NLB target group manually, either from the AWS console or with the AWS CLI.
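
What accept-proxy expects on an AWS ingress, and why the proxy protocol attribute must be enabled on the balancer, shown as an added example (not Voyager or HAProxy code): a Python parser for the PROXY protocol header, versions 1 and 2, that returns the client address a receiver would log and rejects connections that arrive without a header. The function names and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature
# Constructed samples: a v1 (text) and a v2 (binary) header, each followed by a request.
SAMPLE_V1 = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\nGET /foo HTTP/1.1\r\n"
SAMPLE_V2 = (V2_SIG + b"\x21\x11\x00\x0c" + bytes([198, 51, 100, 9, 10, 0, 0, 5])
             + struct.pack("!HH", 40000, 443) + b"GET /foo HTTP/1.1\r\n")


def parse_proxy_header(data: bytes):
    """Return (client, consumed). client is (ip, port), or None when the header
    carries no address (v1 UNKNOWN, v2 LOCAL) and the socket peer applies.
    Raises ValueError for anything else: the caller must close the connection."""
    if data.startswith(V2_SIG):
        return _parse_v2(data)
    if data.startswith(b"PROXY "):
        return _parse_v1(data)
    raise ValueError("no PROXY header")  # e.g. a plain HTTP request


def _parse_v1(data):
    end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
    if end < 0:
        raise ValueError("unterminated v1 header")
    fields = data[:end].split(b" ")
    if fields[1] == b"UNKNOWN":
        return None, end + 2
    proto, src, _dst, sport, _dport = fields[1:]  # wrong count raises ValueError
    ip = ipaddress.ip_address(src.decode("ascii"))
    port = int(sport) if sport.isdigit() else -1
    if proto != b"TCP%d" % ip.version or not 0 <= port <= 65535:
        raise ValueError("protocol/address mismatch or bad port")
    return (str(ip), port), end + 2


def _parse_v2(data):
    if len(data) < 16:
        raise ValueError("truncated v2 header")
    ver_cmd, family, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd not in (0x20, 0x21) or len(data) < 16 + length:
        raise ValueError("bad v2 version/command or truncated address block")
    if ver_cmd == 0x20:  # LOCAL: the balancer's own connection, e.g. a health check
        return None, 16 + length
    n = {0x11: 4, 0x21: 16}.get(family)  # address size: TCP over IPv4 / IPv6
    if n is None or length < 2 * n + 4:
        raise ValueError("unsupported family or short address block")
    (port,) = struct.unpack("!H", data[16 + 2 * n:18 + 2 * n])
    return (str(ipaddress.ip_address(data[16:16 + n])), port), 16 + length
```

If the balancer does not send the header, every connection fails this parse, which is why the sender and the receiver have to be configured together.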