nginx ingress on kubernetes sees node ip address instead of the public internet resource requestor

I have a kubernetes cluster and an nginx ingress. I have deployed an ingress to route traffic from a domain example.org to a specific container. Now, I am trying to block all requests which are not coming from a whitelisted ip range. Therefore I annotated the created ingress with nginx.ingress.kubernetes.io/whitelist-source-range. However, all traffic gets blocked, so I looked at the logs from nginx and I realized that nginx actually sees the internal node ip address instead of the requestor's public internet address.

2022/05/06 11:39:26 [error] 10719#10719: *44013470 access forbidden by rule, client: 172.5.5.84, server: example.org, request: "GET /.svn/wc.db HTTP/1.1", host: "example.org"

I am not sure what is actually wrong. When I remove the whitelist annotation, then everything works as expected.



Solution 1:[1]

Okay, so this documentation fixed the issue: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip

I had to change externalTrafficPolicy: Cluster to externalTrafficPolicy: Local
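
For reference, an added example (not part of the original question or answer) showing where the two settings discussed above live. The Service name, namespace and selector labels assume a default ingress-nginx install; the backend Service name `example-app` and the CIDR `203.0.113.0/24` are constructed placeholders.

```yaml
# Service in front of the ingress controller.
# Assumption: name, namespace and labels match a stock ingress-nginx install.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  # Cluster (the default) lets any node accept the connection and forward it
  # to a controller pod on another node, which source-NATs the packet; nginx
  # then logs a node address such as 172.5.5.84 and the allowlist rejects it.
  # Local delivers traffic only to controller pods on the receiving node,
  # so the original client IP is preserved.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: https
      port: 443
      targetPort: https
---
# Ingress carrying the allowlist annotation from the question.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-org
  annotations:
    # Constructed documentation range; replace with the real allowed CIDRs.
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: example.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app   # hypothetical backend Service
                port:
                  number: 80
```

With `externalTrafficPolicy: Local`, nodes that run no controller pod fail the load balancer health check and receive no traffic, so the controller should be scheduled on every node expected to serve requests. After the change, the `client:` field in the nginx log should show the requestor's public address rather than a node address.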

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 mkn