Configure externalTrafficPolicy for our Service

To preserve client IPs, we first need to set externalTrafficPolicy to Local for our Service in the Helm chart's values.yaml.

controller:
  ...
  service:
    externalTrafficPolicy: Local
    internal:
      externalTrafficPolicy: Local

Configure Nginx to process users' IPs in values.yaml

controller:
  config:
    # Log Format
    log-format-escape-json: "true"
    log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "proxy_upstream_name": "$proxy_upstream_name", "proxy_alternative_upstream_name": "$proxy_alternative_upstream_name", "upstream_status": $upstream_status, "upstream_addr": "$upstream_addr", "upstream_response_time": $upstream_response_time, "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "response_length": $upstream_response_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }'
    # Configure X-Forwarded-For
    proxy-real-ip-cidr: "192.168.0.0/16"
    use-forwarded-headers: "true"
    compute-full-forwarded-for: "true"
    # Proxy Protocol
    use-proxy-protocol: "true"

The important part here is enabling proxy protocol. The rest is up to your taste.

Configure the right annotations for our Service

For the Scaleway Load Balancer, I had to add the following to values.yaml:

controller:
  service:
    ...
    annotations:
      service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true"
      service.beta.kubernetes.io/scw-loadbalancer-use-hostname: "true"
