Make original client-ip visible inside Solace when running in Kubernetes
we are running Solace in a Kubernetes Cluster. We have the issue that all connected clients are only shown with a IP address from the internal K8S Cluster subnet (e.g. 10.240.0.0/24).
Our setup is as follows:
- We are using Traefik as IngressController
- Traefiks service is set to be of type LoadBalancer (getting assigned a public IP)
- The L4 LoadBalancer is provided by Yawol
- The service of the Solace instance is set to ClusterIP
- We define a (set of) IngressRouteTCP to route TCP traffic towards Solace through Traefik.
On the Yawol-LoadBalancer and Traefik I have the option to enable the "Proxy Protocol" which provides a convenient way to safely transport connection information such as a client's address across multiple layers of NAT or TCP proxies (see)
This works up until Traefik, once the packages get routed towards the Solace Broker the information seems to get lost (or Solace does not handle the Proxy Protocol ?) and the clients are only shown with the kubernetes cluster internal IP.
My questions would be:
- Does someone know if Solace has envoy support for proxy protocol ?
- Do I have other options to get the client ip without changing my setup ?
- Maybe someone knows if this would work if I skip the IngressController in the middle and assign directly to the Solace Service a public IP ?
I tried to draw my setup - maybe this helps to showcase what I am trying to achieve
- Documentation for Traefik proxy protocol: