Use the PROXY protocol in a Managed Kubernetes cluster

Last update: April 17 2026

For your information

PROXY protocol works correctly only with Managed Kubernetes clusters version 1.21.10 or higher. You can upgrade the cluster version.

For your information

These are instructions for configuring access through the Nginx Ingress Controller.

1. Download the ingresscontroller.yaml manifest.

2. Make changes to the manifest fields that are marked with the [EDIT] tag:

   • enable the PROXY protocol:

   config:
       use-proxy-protocol: true

   • create a Service with parameters:

   type: LoadBalancer
   externalTrafficPolicy: Cluster
   annotations:
       loadbalancer.openstack.org/proxy-protocol: "true"

   Do not change the value of the externalTrafficPolicy parameter.

3. Install the Helm package manager.

4. Optional: add the ingress-nginx repository to Helm and update it:

   helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
   helm repo update

5. Create the Ingress Controller using the manifest from step 1:

   helm install ingress-nginx/ingress-nginx --values ingresscontroller.yaml --generate-name

6. Check that the Ingress Controller is installed:

   kubectl get svc

   The output of the command should contain an external IP address with the suffix nip.io:

   NAME                  TYPE         CLUSTER-IP    EXTERNAL-IP          PORT(S)                    AGE
   ingress-nginx-ingress LoadBalancer 10.100.100.100 123.123.123.123.nip.io 80:31039/TCP,443:31667/TCP 103s

7. Create a test Deployment echo server:

   cat <<EOF | kubectl apply -f -
   apiVersion: apps/v1
   kind: Deployment
   metadata:
       name: echoserver
       namespace: default
       labels:
         app: echoserver
   spec:
       replicas: 1
       selector:
         matchLabels:
           app: echoserver
       template:
         metadata:
           labels:
             app: echoserver
         spec:
           containers:
           - name: echoserver
             image: gcr.io/google-containers/echoserver:1.10
             imagePullPolicy: IfNotPresent
             ports:
               - containerPort: 8080
   EOF

8. Create a Service for the echo server:

   kubectl expose deployment echoserver --type=ClusterIP --target-port=8080

9. Create an Ingress rule for the Service echo server:

   cat <<EOF | kubectl apply -f -
   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
       name: test-proxy-protocol
       namespace: default
   spec:
       ingressClassName: "nginx"
       rules:
         - host: test.com
           http:
             paths:
             - path: /ping
               pathType: Exact
               backend:
                 service:
                   name: echoserver
                   port:
                     number: 8080
   EOF

10. Check out Ingress:

    kubectl get ing

    Command output (IP address may appear after a while):

    NAME                HOSTS    ADDRESS                PORTS AGE
    test-proxy-protocol test.com 123.123.123.123.nip.io 80    2s

11. Check the connection:

    ip=123.123.123.123.nip.io
    curl -sH 'Host: test.com' http://$ip/ping | sed '/^\s*$/d'

    Command output:

    Hostname: echoserver-5c79dc5747-txwnz
    Pod Information:
            -no pod information available-
    Server values:
            server_version=nginx: 1.13.3 - lua: 10008
    Request Information:
            client_address=10.10.10.31
            method=GET
            real path=/ping
            query=
            request_version=1.1
            request_scheme=http
            request_uri=http://test.com:8080/ping
    Request Headers:
            accept=*/*
            connection=close
            host=test.com
            user-agent=curl/7.74.0
            x-forwarded-for=<xxx>
            x-forwarded-host=test.com
            x-forwarded-port=80
            x-forwarded-proto=http
            x-real-ip=<xxx>
    Request Body:
            -no body in request-