VMware Cloud Community
TronAr

Source IP visible from container in vSphere with Kubernetes?

Hi,

Playing with a demo, I see that service type LoadBalancer does SNAT, so the original source IP is not visible at the app code.

Is there any way to disable that? (i.e. to have source IP visibility)

This is in a native cluster, BTW.

TIA,

-Carlos

daphnissov

Are you asking about Basic with HAProxy or Standard with NSX-T?

TronAr

Should I choose? :)

For the time being, NSX-T based. But would not mind knowing if HA-Proxy makes a difference...

daphnissov

No, I'm not asking you to choose, I'm asking what you are actually using because it makes a difference. Do you have vSphere with Tanzu Standard (part of VCF with NSX-T) or Basic (standalone vSphere with HAProxy)?

TronAr

I know, I understand what you are asking.

But I'm in search of knowledge, not a solution, so I would not mind knowing how it works in both cases.

The issue at hand, where I found that the IP was not being preserved, is using NSX-T, a.k.a. vSphere with Kubernetes.

daphnissov

Either way you would have to use an Ingress resource to get an L7 load balancer. Service of type LoadBalancer provisions an L4 one. In NSX-T, you would have to manually assign an application profile that passes the X-Forwarded-For header where that information is preserved. This would be supported in something like TKGI but it's not out of the box in vSphere with Tanzu Standard. With HAProxy, you would again have to manually edit the config file and add something like option forwardfor.
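
How application code can recover the client address once an L7 load balancer passes X-Forwarded-For, as an added example that is not part of the original thread. The header can also be set by the client, so it is honoured only when the connection comes from a known load balancer. The `TRUSTED_PROXIES` range, the function names and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: source range of the L7 load balancers allowed to set
# X-Forwarded-For (constructed value, not taken from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("10.244.0.0/16")]


def _trusted(addr, networks):
    """True if addr belongs to one of the load balancer networks."""
    return any(addr in net for net in networks)


def client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Return the address the app should log or apply policy to.

    peer: source address of the TCP connection as seen by the app.
    xff:  X-Forwarded-For value (multiple header lines joined by commas),
          or None when the header is absent.
    """
    verified = ipaddress.ip_address(peer)
    # No header, or the connection did not come from a load balancer:
    # the socket peer is the only address that can be relied on.
    if not xff or not _trusted(verified, trusted):
        return str(verified)
    # Each proxy appends the address it saw, so read right to left and
    # stop at the first hop that is not one of our own load balancers.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified hop
        if not _trusted(addr, trusted):
            return str(addr)
        verified = addr
    return str(verified)
```

Entries to the left of the first untrusted hop were supplied by the client and are ignored.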