Hi,
Playing with a demo, I see that service type LoadBalancer does SNAT, so the original source IP is not visible at the app code.
Is there any way to disable that? (i.e. to have source IP visibility)
This is in a native cluster, BTW.
TIA,
-Carlos
Are you asking about Basic with HAProxy or Standard with NSX-T?
Should I choose?
For the time being, NSX-T based. But would not mind knowing if HAProxy makes a difference...
No, I'm not asking you to choose, I'm asking what you are actually using because it makes a difference. Do you have vSphere with Tanzu Standard (part of VCF with NSX-T) or Basic (standalone vSphere with HAProxy)?
I know, I understand what you are asking.
But I'm in search of knowledge, not a solution, so I would not mind knowing how it works in both cases.
The issue at hand, where I found that IP was not being preserved, is using NSX-T a.k.a. vSphere with Kubernetes.
Either way you would have to use an Ingress resource to get an L7 load balancer. Service of type LoadBalancer provisions an L4 one. In NSX-T, you would have to manually assign an application profile that passes the X-Forwarded-For header where that information is preserved. This would be supported in something like TKGI but it's not out of the box in vSphere with Tanzu Standard. With HAProxy, you would again have to manually edit the config file and add something like option forwardfor.
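Once an L7 load balancer passes X-Forwarded-For, the application still has to decide how much of that header to believe, because a client can send its own value. The following is an added example, not part of the thread: it resolves the client address by trusting only entries added by known proxy hops. The proxy ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed (constructed) ranges of the load balancer tier; replace them with
# the SNAT/proxy ranges actually used in your environment.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("10.0.0.0/24", "192.168.100.0/24")]

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def _parse(token):
    """Parse one X-Forwarded-For entry; return None if it is not an IP."""
    token = token.strip()
    if token.startswith("["):            # "[2001:db8::1]:443"
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # "203.0.113.7:51234"
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def client_ip(peer_addr, xff_values):
    """Return the address the application should log or authorize on.

    peer_addr  -- source of the TCP connection (the load balancer after SNAT)
    xff_values -- X-Forwarded-For header values, in the order received
    """
    peer = ipaddress.ip_address(peer_addr)
    # A header from a peer that is not our load balancer is client-controlled.
    if not _is_trusted(peer):
        return str(peer)
    hops = [h for value in xff_values for h in value.split(",")]
    # Walk right to left: each trusted proxy recorded the address it saw,
    # so the first untrusted entry from the right is the real client.
    for token in reversed(hops):
        addr = _parse(token)
        if addr is None:
            return str(peer)             # malformed entry: stop trusting the chain
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)                     # chain held only trusted proxies
```

Taking the leftmost entry instead would let any client choose the address that ends up in logs and IP-based access rules.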