Hi Vegard,
I am working on my k8s homelab, which is very much inspired by your work on this repo. However, preserving the client's source IP has been a tough nut to crack. Sure enough, having a correct X-Forwarded-For header is not too difficult, but the gateway controller keeps working on pod/service/node IPs instead of the true client IP.
How have you solved that issue? Are you able to set up CiliumNetworkPolicies or CiliumEnvoyConfig with your current setup for IP whitelisting or rate limiting?
I have on my side not been able to do it without proxy protocol, using HAProxy on my router, but ideally I would like to get rid of it.