This message was deleted.

no. ingress controllers function as a reverse proxy; they terminate the request and make a new request to the backend, on a completely different TCP connection. You can pass the original client IP through in headers though.

I figured.. but wasn’t sure if someone would know here. I’ll keep poking around

I mean, the answer is no. you’re not going to get a different answer if you do more research.

Well you mentioned being able to pass it via headers.. so, researching that.

a starter:

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      config:
        use-forwarded-headers: 'true'
        use-proxy-protocol: 'true'

interesting.. applying this would make one additional change that i dont have currently (forwarding headers)... when I spoke to the k8s ingress-nginx folks, he told me that I would have to re-deploy rke2 without the ingress controller from rke2 in place, install theirs separately, add in metallb to provide an IP to the ingress-nginx controller service and then use the

externalTrafficPolicy: Local

line in the spec for the service

That sounds like overkill

I agree… especially for a single node, single cluster environment