@irizzant
Last active September 19, 2024 10:09
EKS NLB Nginx issue

I have an EKS cluster with an NLB in front of an Nginx Pod. I'd like to enable client IP preservation without externalTrafficPolicy: Local. I have the ALB controller installed (latest version). I tried to configure my Nginx Helm chart this way:

controller:
  extraArgs:
    enable-ssl-passthrough: true
  config:
    use-proxy-protocol: "true"
    use-forwarded-headers: "true"
  replicaCount: 3
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: "true"
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    loadBalancerClass: service.k8s.aws/nlb

But the Nginx logs show strange chars:

127.0.0.1 - - [19/Sep/2024:09:58:47 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - f717123d5a64a4926017eb2cd1431da1
127.0.0.1 - - [19/Sep/2024:09:58:48 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 3992c60aa4eff4f89c0e456caaed534b
127.0.0.1 - - [19/Sep/2024:09:58:48 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - fe855463ccd7cd331057562cead06d2c
127.0.0.1 - - [19/Sep/2024:09:58:49 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - e2acee74c9a46ed2ff4c4a8976ea0bb0
127.0.0.1 - - [19/Sep/2024:09:58:49 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 86345fdf6b7fd1471c6e63ca62a2cfdf
127.0.0.1 - - [19/Sep/2024:09:58:49 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 20c774a8bbd559e9746075662e5bd256
127.0.0.1 - - [19/Sep/2024:09:58:50 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 35bfd8b63886e2cf525036f375aad0a4
127.0.0.1 - - [19/Sep/2024:09:58:50 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 6a961777b4790c78f5901461b8efc15d
127.0.0.1 - - [19/Sep/2024:09:58:50 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - c2e1903564e69df3504e0a6ce779d45c
127.0.0.1 - - [19/Sep/2024:09:58:51 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 4d235d27e29e904778e58279a9206dd6
127.0.0.1 - - [19/Sep/2024:09:58:51 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 4ae27a8a8628a10552f1fd6915e1cc91
127.0.0.1 - - [19/Sep/2024:09:58:51 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - e53f2a69d2b4b2cccf32b8a9d6a2d8d8
127.0.0.1 - - [19/Sep/2024:09:58:52 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - ce03d18a90f4ba8af0692fe21ac40da9
127.0.0.1 - - [19/Sep/2024:09:58:52 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 0d10c2c91fdbef14399894d039e97a7c
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - bc494e74a68addbb69b210dfb18e6c52
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 30bc26387874676e7d1373879bcb763b
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 4dbc1dc5b09addec71368515d62cafa0
127.0.0.1 - - [19/Sep/2024:09:58:53 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - f679b765113f458769b2d357a4df3dba
127.0.0.1 - - [19/Sep/2024:09:58:54 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - f7d1ca269e17c161d06f15b4decd38aa
127.0.0.1 - - [19/Sep/2024:09:58:54 +0000] "\x00" 400 150 "-" "-" 0 0.000 [] [] - - - - 38e07b481ff49335d3d692a490ed5d95

My NLB shows target groups with port 80 and 443 with Proxy protocol active. Health checks show Healthy status.
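
A request line of `"\x00"` answered with 400 is consistent with a PROXY protocol v2 header (the version an NLB sends) reaching a listener that parses it as plain HTTP. The following is an added example, not part of the original post or of ingress-nginx: it parses a constructed v2 header and shows what an HTTP parser that skips leading blank lines (an assumption about the listener) would take as the request line. The addresses and ports are sample values.

```python
import ipaddress
import struct

# 12-byte signature that opens every PROXY protocol v2 header.
V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"

def parse_proxy_v2(data: bytes):
    """Return (info, payload) for a PROXY v2 header, or (None, data) if absent."""
    if len(data) < 16 or not data.startswith(V2_SIG):
        return None, data
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY v2 header")
    body, payload = data[16:16 + length], data[16 + length:]
    # Low nibble: 0 = LOCAL (e.g. a health check), 1 = PROXY (relayed client).
    info = {"command": "PROXY" if ver_cmd & 0x0F == 1 else "LOCAL"}
    if info["command"] == "PROXY" and fam_proto == 0x11:  # TCP over IPv4
        if length < 12:
            raise ValueError("address block too short for TCP/IPv4")
        src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
        info.update(src=str(ipaddress.IPv4Address(src)), src_port=sport,
                    dst=str(ipaddress.IPv4Address(dst)), dst_port=dport)
    return info, payload

def first_line_seen_by_plain_http(data: bytes) -> bytes:
    """Request line as read by a parser that does not expect PROXY protocol.

    Assumption: the parser skips leading CR/LF and reads up to the next LF.
    """
    stream = data.lstrip(b"\r\n")
    return stream.split(b"\n", 1)[0].rstrip(b"\r")

def build_sample() -> bytes:
    """Constructed stream: v2 header (203.0.113.7:51234 -> 10.0.1.20:80) + HTTP."""
    addrs = struct.pack("!4s4sHH", ipaddress.IPv4Address("203.0.113.7").packed,
                        ipaddress.IPv4Address("10.0.1.20").packed, 51234, 80)
    header = V2_SIG + struct.pack("!BBH", 0x21, 0x11, len(addrs)) + addrs
    return header + b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    sample = build_sample()
    print("PROXY-aware listener:", parse_proxy_v2(sample))
    print("plain HTTP listener :", first_line_seen_by_plain_http(sample))
```

Running the parser against the first bytes of a captured connection on each hop shows which listener receives the header and which one is configured to consume it.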
