How Do I Obtain the Actual Source IP Address of a Client After a Service Is Added into Istio?

Symptom

After Istio is enabled, the source IP address of the client cannot be obtained from access logs.

Solution

This section uses the Nginx application bound to an ELB Service as an example. The procedure is as follows:

1. Enabling the function of obtaining the client IP address on the load balancer
   

   Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.

   1. Log in to the ELB console.
   2. Click in the upper left corner of the management console and select a region and a project.
   3. Click Service List. Under Networking, click Elastic Load Balance.
   4. On the Load Balancers page, click the name of the load balancer.
   5. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
   6. Enable Transfer Client IP Address.
      Figure 1 Enabling the function
      

2. Updating the gateway associated with a Service
   1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Networking.
   2. On the displayed page, switch to the istio-system namespace and update the gateway associated with the Service.

      

   3. Change the level of the Service automatically generated in the istio-system namespace to the node level.

      

3. Verifying the obtained source IP address
   1. Use kubectl to connect to the cluster.
   2. Query the Nginx application logs.

      kubectl logs <pod_name>

      In this example, the source IP address obtained by the Nginx application is as follows: