Tanzu Kubernetes Grid Integrated Edition Loadbalancer Does Not Include X-Forwarded-Proto Headers

Article ID: 316812

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

Symptoms:
  • The NSX-T load balancer does not add the X-Forwarded-Proto header to the HTTP request after SSL offloading of an HTTPS request.
  • The NSX-T/NCP version in use is below the 3.0 version.
  • The TKGI version in use is below the 1.8 version.


Environment

VMware PKS 1.x

Resolution

This is expected behavior in PKS/TKGI 1.7.x and earlier, because these versions do not support X-Forwarded-Proto headers for the load balancers. Neither do NSX-T 2.5.x and earlier. If the environment runs either of these versions or earlier, load-balanced traffic will not include the X-Forwarded-Proto header.

Support for X-Forwarded-Proto was added in NCP 3.0.x when used with NSX-T 3.0.x. TKGI 1.8.0 is the first version to include this. Upgrade to TKGI 1.8.x or later with a compatible version of NSX-T that is 3.0.x or later. See the TKGI release notes for version details. 

Once upgraded, enable X-Forwarded-For in the cluster network-profile. This will automatically enable X-Forwarded-Proto and X-Forwarded-Port. An example of how to do this can be found in the TKGI documentation.
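
To confirm the result from the backend side, the following added example (not VMware code and not taken from the TKGI documentation) reports which of the three forwarding headers reach a pod behind the load balancer and whether their values are well formed. The names `forwarded_report` and `EchoHandler`, the sample requests and port 8080 are assumptions made for illustration.

```python
import json
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

EXPECTED = ("X-Forwarded-For", "X-Forwarded-Proto", "X-Forwarded-Port")


def forwarded_report(headers):
    """Report which forwarding headers reached the backend and whether
    their values are well formed. `headers` is any mapping of name -> value."""
    seen = {k.lower(): v.strip() for k, v in headers.items()}
    present = {h: seen[h.lower()] for h in EXPECTED if h.lower() in seen}
    problems = [f"{h} missing" for h in EXPECTED if h not in present]
    proto = present.get("X-Forwarded-Proto")
    if proto is not None and proto.lower() not in ("http", "https"):
        problems.append(f"X-Forwarded-Proto has unexpected value {proto!r}")
    port = present.get("X-Forwarded-Port")
    if port is not None and not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        problems.append(f"X-Forwarded-Port has unexpected value {port!r}")
    return {"present": present, "problems": problems, "ok": not problems}


class EchoHandler(BaseHTTPRequestHandler):
    """Answers every GET with the report for that request as JSON."""

    def do_GET(self):
        body = json.dumps(forwarded_report(self.headers), indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Constructed samples: a request arriving without and with the headers.
    before = {"Host": "app.example.test"}
    after = {"Host": "app.example.test", "X-Forwarded-For": "203.0.113.10",
             "X-Forwarded-Proto": "https", "X-Forwarded-Port": "443"}
    print(forwarded_report(before)["problems"])
    print(forwarded_report(after)["ok"])
    if len(sys.argv) > 1 and sys.argv[1] == "serve":
        # Port 8080 is an assumption; expose it through the ingress under test.
        HTTPServer(("0.0.0.0", 8080), EchoHandler).serve_forever()
```

Run it with the `serve` argument in a test pod and request it over HTTPS through the load balancer; an `"ok": true` response shows all three headers are being inserted.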