How to set X-Forwarded-For to preserve client IP address in OpenShift application

Solution Verified - Updated -

Issue

  • User wants to configure HTTP header 'X-Forwarded-For' through F5 load balancer and send it to the pods.
  • The goal is to pass the source client's real IP address and deliver it to the applications running on the pods
  • When admin enable TLS on F5, the cluster operator Authentication becomes unavailable because the healthcheck fails due to error code 503.
("OAuthServerRouteEndpointAccessibleControllerDegraded: \"https://oauth-openshift.apps.cluster.xyz/healthz\" returned \"503 Service Unavailable\"")
  • When the cluster operator Authentication is Degraded, the login page does not show up anymore, instead it shows the message Application not available
  • Is there a way we could change traffic mode from passthrough to reencrypt for oauth-openshiftendpoint?

Environment

  • Red Hat OpenShift Container Platform 4.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content