Kubernetes ingress

Get real-ip header

• Traefik Kubernetes Ingress and X-Forwarded- Headers

Other resources, non of them worked for my setup though:

• Make Traefik Forward Real Client IP
• K8s docs: Create an External Load Balancer / Preserving the client source IP
• Getting Real Client IP with k3s

Traffic in front of the cluster ingress

• Haven't found a way to pass the real-ip header when using a TCP router with TLS passthrough
• passHostHeader is only available for http services, not for tcp services, of course because

  Header is a concept from HTTP protocol. TCP does not have a concept of an HTTP header

• Until then, services that require real-ip (i.e. Plausible) need to stay on an external node with static IP

Exposing arbitrary TCP and UDP ports

nginx-ingress by default can only expose http+https ports. You can use the tcp and udp helm chart config options like this:

tcp:
  8080: "moewe/unifi-controller:8080"

or this:

 udp:
  10001: "moewe/unifi-discovery:10001"
  3478: "moewe/unifi-stun:3478"

BUT you can mix them, if will produce the following error when applying a mixed TCP+UDP helmfile:

Error: Service "oas-test-proxy-nginx-ingress-controller" is invalid: spec.ports: Invalid value: … cannot create an external load balancer with mix protocols

Related issues:

• https://github.com/helm/charts/issues/11268
• https://github.com/kubernetes/kubernetes/issues/23880

Basic auth

• Basic Authentication