How to enable support for use-forwarded-headers in ingress-nginx
This document (000020070) is provided subject to the disclaimer at the end of this document.
Environment
- A Kubernetes cluster provisioned by the Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x
- For RKE provisioned clusters, you will require the RKE binary and access to the cluster configuration YAML, rkestate file and kubectl access with the kubeconfig for the cluster sourced
- For Rancher v2.x provisioned clusters, you will require cluster owner or global admin permissions in Rancher
Situation
Per the [ingress-nginx documentation], the use-forwarded-headers
configuration option enables passing "the incoming X-Forwarded-* headers to upstreams. Use this option when NGINX is behind another L7 proxy / load balancer that is setting these headers."
This article details how to enable the use-forwarded-headers
option in the ingress-nginx instance of Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes clusters.
Resolution
Configuration for RKE CLI provisioned clusters
-
Edit the cluster configuration YAML file to include the
use-forwarded-headers: true
option for the ingress, as follows:ingress: provider: nginx options: use-forwarded-headers: true
-
Apply the changes to the cluster, by invoking
rke up
:rke up --config <cluster configuration yaml file>
-
Verify the new configuration:
for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F '/' '{print $2}'); do echo -n "Checking $pod .... "; kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep use_forwarded_headers | grep true > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"; done
Configuration for Rancher v2.x provisioned clusters
- Log in to the Rancher UI.
- Go to Global -> Clusters -> Cluster Name.
- From the Cluster Dashboard edit the cluster by Clicking on "⋮" then select Edit.
- Click "Edit as YAML".
-
Include the
use-forwarded-headers
option for the ingress, as follows:ingress: provider: nginx options: use-forwarded-headers: true
-
Click "Save" at the bottom of the page.
- Wait for cluster to finish upgrading.
- Go back to the Cluster Dashboard and click "Launch kubectl".
- Run the following inside the kubectl CLI to verify the new argument:
for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F '/' '{print $2}'); do echo -n "Checking $pod .... "; kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep use_forwarded_headers | grep true > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"; done
Additional Information
Further reading
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020070
- Creation Date: 06-May-2021
- Modified Date:03-Apr-2024
-
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com