Ingress only works if hostNetwork=true

What keywords did you search in NGINX Ingress controller issues before filing this one? (If you have found any duplicates, you should instead reply there.):

rancher/rancher#16764

Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT

NGINX Ingress controller version :
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0

Kubernetes version (use kubectl version ):

Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.3", GitCommit:"a4529464e4629c21224b3d52edfe0ea91b072862", GitTreeState:"clean", BuildDate:"2018-09-09T17:53:03Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Environment:




    

OS (e.g. from /etc/os-release): Ubuntu 16.04
Kernel (e.g. uname -a): Linux rancher 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Install tools: Rancher 2.1.1
Others:
What happened:

The Nginx ingress does not have a private IP from canal. And when it communicates with services, it uses the instance public IP instead of using the internal network for some reason.
kubectl get ingress
NAME           HOSTS             ADDRESS   PORTS   AGE
example-ingress   example.com    111.22.33.44         80      5m
I need to detect the nginx ingress range to whitelist it as a proxy for my webserver, so I can get the real remote IP.
I tried both the nginx ingress that comes with Rancher and with helm to enable --report-node-internal-ip-address=true:
helm upgrade --install ingress --namespace=ingress --set rbac.create=true,controller.kind=DaemonSet,controller.service.type=ClusterIP,controller.hostNetwork=true,controller.extraArgs.report-node-internal-ip-address=true stable/nginx-ingress
Service and ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/ingress.class: nginx
    kubernetes.io/ingress.class: nginx
  name: app-ingress
  namespace: app
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: app-service
          servicePort: 80
apiVersion: v1
kind: Service
metadata:
  name: app-service
  namespace: app
spec:
  selector:
    app: app
  type: ClusterIP
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
The exact same setup works fine on a kubeadm setup. But without setting ClusterIP,controller.hostNetwork=true,controller.extraArgs.report-node-internal-ip-address=true
If I do not use hostNetwork=true then the ingress doesn't work.
What you expected to happen:

I should see the private IP of pod instead of the public IP

Ingress only works if hostNetwork=true #3524

rancher/rancher#16764

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Ingress only works if hostNetwork=true #3524

Description

rancher/rancher#16764

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions