Hi,
Most of our traffic comes in from pods running in k8s clusters and traverses a haproxy load-balancer enroute to elasticsearch. So, the XFF header shows the ip address of the inbound k8s node.
How do you recommend that we identify the inbound pod traffic so we can easily identify them at the backend? Fluentd has the abilty to set custom headers. So, we can do whatever works best for RoR.
If I read this correctly, you would like a x_forwarded_for rule, but with customizable header name. So you can inject the IP from a custom header in Fluentd?
Yes, that’s correct. But it doesn’t have to be ip - that’s just one option. We could also use an identifying label from the ingestion pipeline unique to each pod. Using labels would be less expensive on the transmission side…
I realise that x_forwarded_for or similar would need ip’s for filtering purposes. Human readable labels/strings would be useful at the kibana end though.