External / originating IP not present in Access Logs

Hi,

We have Istio set up and running via RKE2 and are using it as our service mesh and TLS termination, without an external load balancer.

We are using VirtualServices for traffic routing and have an IstioOperator that we set up and run.

What we noticed is that, when viewing the access logs, we're not getting the external IP for the originating request when we visit a page.

So for example, if someone from 192.168.0.20 visits the homepage running on host 192.168.0.10, we get:

[2022-07-12T14:49:48.037Z] "GET /assets/images/favicon.ico HTTP/2" 200 - via_upstream - "-" 0 4286 1 - "192.168.0.10" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" "6a19ad46-5d79-4147-8e82-36447a7bb2c4" "homepage.com" "10.110.0.45:8090" outbound|8090||homepage.svc.cluster.local 10.110.0.57:55122 10.110.0.57:8443 192.168.20.241:56594 homepage.com -

What we are trying to do is have the external IP populated within the access logs. We've tried including externalTrafficPolicy: Local and a few other changes, but anything which involves using a proxy protocol falls over and breaks (likely because we aren't using an external load balancer).

This seems like something that should be easy to manage, but nothing in the configs or documentation we've looked at seems to be working, short of forcing the src IP into the X-Forwarded-For header.

The config options / pages we’ve been looking at:

Any help here would be great - feels like we've been chasing our tails on something that should be (and hopefully is) pretty simple.
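
Added example, not part of the original post: a small Python check that splits an access log line like the one quoted above into named fields and reports which address fields, if any, carry a given client IP. It is useful for confirming whether a configuration change actually preserved the source address. The field order in `FIELDS` is an assumption (Istio's default text access log format); the post does not say which format is configured, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumed field order: Istio's default text access log format.
FIELDS = [
    "start_time", "request", "response_code", "response_flags",
    "response_code_details", "connection_termination_details",
    "upstream_transport_failure_reason", "bytes_received", "bytes_sent",
    "duration", "upstream_service_time", "x_forwarded_for", "user_agent",
    "request_id", "authority", "upstream_host", "upstream_cluster",
    "upstream_local_address", "downstream_local_address",
    "downstream_remote_address", "requested_server_name", "route_name",
]
ADDRESS_FIELDS = ("x_forwarded_for", "upstream_host", "upstream_local_address",
                  "downstream_local_address", "downstream_remote_address")

# The log line quoted in the post, embedded so the example runs offline.
SAMPLE = ('[2022-07-12T14:49:48.037Z] "GET /assets/images/favicon.ico HTTP/2" '
          '200 - via_upstream - "-" 0 4286 1 - "192.168.0.10" '
          '"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) '
          'Chrome/103.0.0.0 Safari/537.36" "6a19ad46-5d79-4147-8e82-36447a7bb2c4" '
          '"homepage.com" "10.110.0.45:8090" outbound|8090||homepage.svc.cluster.local '
          '10.110.0.57:55122 10.110.0.57:8443 192.168.20.241:56594 homepage.com -')

def parse_line(line):
    """Split one log line into a dict keyed by FIELDS; quoted values keep spaces."""
    tokens = [bare or quoted
              for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', line)]
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    return dict(zip(FIELDS, tokens))

def _ips(value):
    """Yield IPs from 'ip', 'ip:port', '[v6]:port' or a comma-separated list."""
    for part in value.split(","):
        part = part.strip()
        for candidate in (part, part.rsplit(":", 1)[0].strip("[]")):
            try:
                yield ipaddress.ip_address(candidate)
                break
            except ValueError:
                continue  # "-" or a non-address value: nothing to yield

def fields_containing(line, client_ip):
    """Return the address fields whose value includes client_ip (exact match)."""
    wanted = ipaddress.ip_address(client_ip)
    record = parse_line(line)
    return [name for name in ADDRESS_FIELDS if wanted in _ips(record[name])]

if __name__ == "__main__":
    for ip in ("192.168.0.20", "192.168.0.10"):
        print(ip, "->", fields_containing(SAMPLE, ip) or "not in any address field")
```

Run over a batch of lines after each configuration change, an empty result for the known client address means the source IP is still being lost before the log is written.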