Enabling the PROXY protocol allows a load balancer managed within a Kubernetes cluster to forward client connection information (such as client IP addresses) to the nodes. The software running on the nodes must be configured to accept the connection information from the load balancer and have the ability to parse the PROXY protocol data.
If your load balancer is backed by an ingress controller, the ingress controller itself must support the PROXY protocol. You will need to first enable PROXY protocol within the ingress controller and then enable it for the load balancer. Otherwise, the ingress controller will not be able to parse the PROXY protocol, which can lead to disruptions in traffic flow.
This example uses nginx installed using the Kubernetes 1-Click App but the following steps can also be used for instances of nginx and DigitalOcean Load Balancers deployed using Helm charts or manifests.
Edit the ConfigMap that nginx uses for custom configurations. Typically, the ConfigMap file is in the same namespace where nginx is deployed. You can run
helm ls -A to check the namespace where nginx is installed. Run the following command to edit the ConfigMap using your namespace and service name:
kubectl edit configmap -n <namespace> <service-name>
use-proxy-protocol = "true" to the
data section in the ConfigMap and save the file:
apiVersion: v1 data: allow-snippet-annotations: "true" use-proxy-protocol: "true" kind: ConfigMap metadata: annotations: .... labels: ... name: ingress-nginx-controller
PROXY protocol is now enabled in the NGINX ingress controller, allowing it to parse the PROXY protocol header.
Open the service config file for the load balancer by running the following command using your namespace and service name:
kubectl edit service -n <namespace> <service-name>
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" to the
annotations section in the service config file and save the file.
apiVersion: v1 kind: Service metadata: annotations: kubernetes.digitalocean.com/load-balancer-id: f55b4d90-your-load-balancer-id-4b1a29c40ff service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" labels: ... name: ingress-nginx-controller