[nginx] X-Forwarded-For IPs disappear on beta.14

[egeland]

We updated from beta.11 to beta.14, and the reported IPs changed from external IPs to in-cluster IPs.

I note that c24e212 seems to have changed things relating to forwarded IPs - is there a bug here (that I can't spot by reading the code), or do we need to set a config setting that isn't documented?

This might partially relate to #1410 in that the forwarded IPs may not match against the whitelisted ones.

[egeland]

We rolled back to beta.13 and the expected behaviour returns.

[aledbf]

@egeland where are you running the cluster? what kubernetes version are you using?

[aledbf]

c24e212

That commit just allows to use a custom forwarded IP header (cloudflare uses a different header)

[egeland]

Our k8s is 1.6.8 in AWS.

I mentioned that commit as it seemed like the only one touching the Forwarded IP stuff. I don't know for sure that it's causing the issue.

[aledbf]

@egeland can you enable proxy protocol?
This is an example that shows how to do that https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx

[aledbf]

@egeland the ELB is configured as L4 or L7. If you want to use the X-Forwarded-For header it should be L7

[matthope]

Following up for @egeland - the ELB is a L7 - and it works as expected on beta.13, but not beta.14.

[joe-elliott]

I'm also seeing this issue/difference between beta.13 and beta.14. beta.13 passed the correct ip upstream, beta 14 does not.

I am on k8s 1.6.9 hosted on AWS as setup by kops.