FyraLabs / chisel-operator

Kubernetes Operator for Chisel
https://chisel.fyralabs.com
GNU General Public License v3.0

[FEAT] getting real client IP #144

Closed venkatamutyala closed 2 days ago

venkatamutyala commented 4 days ago

I'm using chisel operator with ingress nginx. It looks like by default I can only see the IP of the chisel pods. Is there a way to get the client IP? I'd like to leverage it to do some advanced operations based on IP within my nginx setup.

linear[bot] commented 4 days ago

FYRA-126 [FEAT] getting real client IP

korewaChino commented 3 days ago

I don't think so, unless Chisel has an option to pass an HTTP header when it detects HTTP traffic.

Chisel is first and foremost a TCP and UDP tunnel, so I don't think this is the case. The chisel operator also treats the tunnel like any normal TCP traffic by specifically setting ip:port/tcp in the args, so it does not process any headers.

korewaChino commented 3 days ago

I found a related issue here: https://github.com/jpillora/chisel/issues/266

venkatamutyala commented 2 days ago

Thanks Cappy. I had a few minutes to do some more research, and it appears if Chisel supported the PROXY Protocol (v2?), it would send over the data needed for my ingress (e.g., nginx) to detect the IP. I opened up a ticket here: https://github.com/jpillora/chisel/issues/540

ref: https://inlets.dev/blog/2022/09/02/real-client-ips-with-proxy-protocol.html https://aws.amazon.com/blogs/networking-and-content-delivery/preserving-client-ip-address-with-proxy-protocol-v2-and-network-load-balancer/
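
What the PROXY protocol v2 header discussed above would carry, as an added example that is not part of this thread and not code from chisel or the operator. `BuildV2`, `ParseV2` and the `peerTrusted` flag are hypothetical names, the addresses are constructed, and only TCP over IPv4 is handled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// sigV2 is the fixed 12-byte signature that opens every PROXY protocol v2 header.
var sigV2 = []byte("\r\n\r\n\x00\r\nQUIT\n")

// BuildV2 (hypothetical) is what the tunnel side would prepend to a forwarded
// TCP/IPv4 connection: signature, version/command, family, length, addresses.
func BuildV2(src, dst *net.TCPAddr) []byte {
	h := append([]byte{}, sigV2...)
	h = append(h, 0x21, 0x11, 0x00, 0x0C) // v2 + PROXY, TCP over IPv4, 12 address bytes
	h = append(h, src.IP.To4()...)
	h = append(h, dst.IP.To4()...)
	return append(h, byte(src.Port>>8), byte(src.Port), byte(dst.Port>>8), byte(dst.Port))
}

// ParseV2 (hypothetical) is the receiver side: it returns the original client
// address and how many header bytes precede the payload. peerTrusted must be true
// only for known tunnel endpoints, or any client could claim an arbitrary source IP.
func ParseV2(b []byte, peerTrusted bool) (*net.TCPAddr, int, error) {
	if !peerTrusted {
		return nil, 0, errors.New("PROXY header from untrusted peer")
	}
	if len(b) < 16 || !bytes.Equal(b[:12], sigV2) {
		return nil, 0, errors.New("not a PROXY v2 header")
	}
	if b[12] != 0x21 || b[13] != 0x11 {
		return nil, 0, errors.New("only the PROXY command over TCP/IPv4 is handled")
	}
	n := int(binary.BigEndian.Uint16(b[14:16])) // length of the address block
	if n < 12 || len(b) < 16+n {
		return nil, 0, errors.New("truncated address block")
	}
	src := &net.TCPAddr{IP: net.IPv4(b[16], b[17], b[18], b[19]), Port: int(binary.BigEndian.Uint16(b[24:26]))}
	return src, 16 + n, nil
}

func main() { // constructed sample addresses from documentation/private ranges
	client := &net.TCPAddr{IP: net.ParseIP("203.0.113.7"), Port: 51234}
	ingress := &net.TCPAddr{IP: net.ParseIP("10.0.0.5"), Port: 443}
	fmt.Println(ParseV2(append(BuildV2(client, ingress), "GET / HTTP/1.1\r\n"...), true))
}
```

The header travels once, ahead of the first payload byte, so a plain TCP tunnel can add it without inspecting the traffic it forwards.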

korewaChino commented 2 days ago

Will this require any changes to the operator?

venkatamutyala commented 2 days ago

I think at this time it makes sense to close this out until the support exists upstream.