New to Voyager? Please start here.

Keep Source IP

You can preserve client source IP by setting annotation ingress.appscode.com/keep-source-ip to true.

For LoadBalancer type ingresses, the actual configuration generated depends on the underlying cloud provider.

  • GCE, GKE, Azure, ACS: Sets ExternalTrafficPolicy to Local for services used to expose HAProxy. See here.
  • AWS: Enables accept-proxy that enforces the use of the PROXY protocol over any connection accepted by any of the sockets declared on the same line.

For NodePort type ingresses, it sets ExternalTrafficPolicy to Local regardless the cloud provider.

Ingress Example

apiVersion: voyager.appscode.com/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: default
  annotations:
    ingress.appscode.com/keep-source-ip: "true"
    ingress.appscode.com/health-check-nodeport: "32312"
spec:
  rules:
  - host: voyager.appscode.test
    http:
      paths:
      - path: /foo
        backend:
          serviceName: test-server
          servicePort: 80

Here health-check-nodeport annotation specifies HealthCheckNodePort field for services used to expose HAProxy. If not specified, it will be auto-assigned by kubernetes. Note that, it is only effective when keep-source-ip is true and ingress type is LoadBalancer.


NB: Please note that, Kubernetes support for AWS NLB is limited as of 1.11.x release. Check kubernetes/features#423 for NLB support status.

service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" annotation is not supported for AWS NLB as of 1.11.x release. At this time proxy protocol attribute needs to be set on the NLB target group either manually from the aws console or from aws cli.


Take your team where it needs to go.

Create your cluster in minutes. Our team is here to help and would be happy to chat with you.