callumpjackson
commented
4 months ago Hi Heber - to preserve the client IP, IBM MQ needs to support the proxy protocol. This is NOT related to the helm chart, but the underlying IBM MQ code base. This is NOT currently supported and there is a request for enhancement already available here. I would encourage yourself and anyone else who feels this is a required feature to vote for the enhancement.
Hi we are testing this deployment, but we identified that client IP address are not preserved even if we enabled ProxyProtocol in NGINX Controller.
NGINX configmap settings:
data: allow-snippet-annotations: "true" compute-full-forwarded-for: "true" use-forwarded-headers: "true" use-proxy-protocol: "true"
NGINX LoadBalancer Service:
externalTrafficPolicy: Local allocateLoadBalancerNodePorts: false
QMGR Service settings:
metadata: name: qmtest-ibm-mq-qm annotations: service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" spec: externalTrafficPolicy: Local internalTrafficPolicy: Cluster type: NodePort
This configuration works to Preserve Client IP Address in other Kubernetes based applications that we have, but only on MQ Container client IP preservation not working and "DISPLAY CONN(*) CHANNEL CONNAME" still showing the K8S LoadBalancer IPs in CONNAME section as can see in the image.
Have some example of how to configure MQ services to Preserve IP Clients when connecting using a LoadBalancer ?