I have a gateway set up with TLS passthrough, which I figure is the same as a TCP gateway with some extra magic wrapped around it. The upstream pod is set up with TPROXY interceptionMode so the source IPs are preserved instead of receiving 127.0.0.1 for every connection. The problem I am facing is now all incoming traffic is identified with the Ingress Gateway Pod’s IP.
I also tested utilizing an httpbin pod and both an HTTP gateway and a TCP gateway. When running over the HTTP gateway I receive "origin": "10.14.159.251" (correct client IP). When running over the TCP gateway I receive "origin": "100.100.2.226" (Ingress Gateway Pod’s IP).
Is it at all possible to preserve the client IP without terminating TLS at the Ingress Gateway?
I am currently running the latest, Istio 1.6.3.