I have an EKS cluster with NLB in front of Nginx Pod. I'd like to enable client IP preservation without externalTrafficPolicy: Local. I have ALB controller installed (latest version). I tried to configure my Nginx Helm chart this way:
controller:
extraArgs:
enable-ssl-passthrough: true
config:
use-proxy-protocol: "true"
use-forwarded-headers: "true"
replicaCount: 3
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: true
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
loadBalancerClass: service.k8s.aws/nlb
But Nginx logs shows strange chars:
127.0.0.1 - - [19/Sep/2024:09:58:47 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - f717123d5a64a4926017eb2cd1431da1
127.0.0.1 - - [19/Sep/2024:09:58:48 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 3992c60aa4eff4f89c0e456caaed534b
127.0.0.1 - - [19/Sep/2024:09:58:48 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - fe855463ccd7cd331057562cead06d2c
127.0.0.1 - - [19/Sep/2024:09:58:49 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - e2acee74c9a46ed2ff4c4a8976ea0bb0
127.0.0.1 - - [19/Sep/2024:09:58:49 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 86345fdf6b7fd1471c6e63ca62a2cfdf
127.0.0.1 - - [19/Sep/2024:09:58:49 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 20c774a8bbd559e9746075662e5bd256
127.0.0.1 - - [19/Sep/2024:09:58:50 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 35bfd8b63886e2cf525036f375aad0a4
127.0.0.1 - - [19/Sep/2024:09:58:50 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 6a961777b4790c78f5901461b8efc15d
127.0.0.1 - - [19/Sep/2024:09:58:50 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - c2e1903564e69df3504e0a6ce779d45c
127.0.0.1 - - [19/Sep/2024:09:58:51 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 4d235d27e29e904778e58279a9206dd6
127.0.0.1 - - [19/Sep/2024:09:58:51 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 4ae27a8a8628a10552f1fd6915e1cc91
127.0.0.1 - - [19/Sep/2024:09:58:51 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - e53f2a69d2b4b2cccf32b8a9d6a2d8d8
127.0.0.1 - - [19/Sep/2024:09:58:52 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - ce03d18a90f4ba8af0692fe21ac40da9
127.0.0.1 - - [19/Sep/2024:09:58:52 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 0d10c2c91fdbef14399894d039e97a7c
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - bc494e74a68addbb69b210dfb18e6c52
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 30bc26387874676e7d1373879bcb763b
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 4dbc1dc5b09addec71368515d62cafa0
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - f679b765113f458769b2d357a4df3dba
127.0.0.1 - - [19/Sep/2024:09:58:54 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - f7d1ca269e17c161d06f15b4decd38aa
127.0.0.1 - - [19/Sep/2024:09:58:54 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 38e07b481ff49335d3d692a490ed5d95
My NLB shows target groups with port 80 and 443 with Proxy protocol active. Health checks show Healthy status