Skip to main content
Use the PROXY protocol
Last update:

Use the PROXY protocol

For your information

The PROXY protocol only works correctly with Managed Kubernetes clusters version 1.21.10 or higher. You can upgrade cluster version.

  1. Download the manifest ingresscontroller.yaml.

  2. Make changes to the manifest fields that are marked with the [EDIT] tag:

    • enable the PROXY protocol:
    entries:
        proxy-protocol: "true"
    • create a Service with parameters:
    type: LoadBalancer
        externalTrafficPolicy: Cluster
        annotations:
        loadbalancer.openstack.org/proxy-protocol: "true"

  3. Install Helm package manager.

  4. Optional: add the ingress-nginx repository to Helm and update it:

    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm repo update

  5. Create the Ingress Controller using the manifest from step 1:

    helm install ingress-nginx/ingress-nginx --values ingresscontroller.yaml --generate-name

  6. Check that the Ingress Controller is installed:

    kubectl get svc

    The output of the command should contain an external IP address with the suffix nip.io:

    ````bash
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    ingress-nginx-ingress LoadBalancer 10.100.100.100.100 123.123.123.123.123.123.nip.io 80:31039/TCP,443:31667/TCP 103s
    ````

    The suffix can be changed to any other suffix via balancer annotation loadbalancer.openstack.org/ingress-hostname-suffix: "test-suffix"

  7. Create a test Deployment echo server:

    cat <<EOF | kubectl apply -f -
    apiVersion: apps/v1
    kind: Deployment
    metadata:
        name: echoserver
        namespace: default
        labels:
          app: echoserver
    spec:
        replicas: 1
        selector:
          matchLabels:
            app: echoserver
        template:
          metadata:
            labels:
              app: echoserver
          spec:
            containers:
            - name: echoserver
              image: gcr.io/google-containers/echoserver:1.10
              imagePullPolicy: IfNotPresent
              ports:
                - containerPort: 8080
    EOF

  8. Create a Service for the echo server:

    kubectl expose deployment echoserver --type=ClusterIP --target-port=8080

  9. Create an Ingress rule for the Service echo server:

    cat <<EOF | kubectl apply -f -
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
        name: test-proxy-protocol
        namespace: default
        annotations:
          kubernetes.io/ingress.class: "nginx"
    spec:
        rules:
          - host: test.com
            http:
              paths:
              - path: /ping
                pathType: Exact
                backend:
                  service:
                    name: echoserver
                    port:
                      number: 8080
    EOF

  10. Check out Ingress:

    kubectl get ing

    Command output (IP address may appear after a while):

    NAME HOSTS ADDRESS PORTS AGE
    test-proxy-protocol test.com 123.123.123.123.123.123.nip.io 80 2s

  11. Check the connection:

    ip=123.123.123.123.123.123.nip.io
    curl -sH 'Host: test.com' http://$ip/ping | sed '/^\s*$/d'

    Command output:

    Hostname: echoserver-5c79dc5747-txwnz
    Pod Information:
            -no pod information available-
    Server values:
            server_version=nginx: 1.13.3 - lua: 10008
    Request Information:
            client_address=10.10.10.31
            method=GET
            real path=/ping
            query=
            request_version=1.1
            request_scheme=http
            request_uri=http://test.com:8080/ping
    Request Headers:
            accept=*/*
            connection=close
            host=test.com
            user-agent=curl/7.74.0
            x-forwarded-for=<xxx>
            x-forwarded-host=test.com
            x-forwarded-port=80
            x-forwarded-proto=http
            x-real-ip=<xxx>
    Request Body:
            -no body in request-