Emissary ingress with HAProxy PROXY protocol

Jbn1233
May 12, 2024

Just use protocol: HTTPSPROXY with protocolStack: ["PROXY","TLS","HTTP","TCP"].

$ k get listeners.getambassador.io -n emissary emissary-ingress-https-listener
NAME                              PORT   PROTOCOL     STACK                          STATSPREFIX   SECURITY   L7DEPTH
emissary-ingress-https-listener   8443   HTTPSPROXY   ["PROXY","TLS","HTTP","TCP"]                 SECURE

$ k get listeners.getambassador.io -n emissary emissary-ingress-https-listener -o yaml
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
  name: emissary-ingress-https-listener
  namespace: emissary
spec:
  hostBinding:
    namespace:
      from: ALL
  port: 8443
  protocol: HTTPSPROXY
  protocolStack:
  - PROXY
  - TLS
  - HTTP
  - TCP
  securityModel: SECURE

"x-forwarded-for": "1xx.1yy.193.48",
"x-forwarded-proto": "https",
"x-envoy-external-address": "1xx.1yy.193.48",

Result: the client IP is printed in the ingress log and in the request headers.

That’s all.
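A listener with PROXY first in its stack takes the client address from the first line the connecting peer sends, before the TLS handshake, so the port should be reachable only from HAProxy. The sketch below is an added example (not from the original post, and not Emissary or Envoy code) that parses a PROXY protocol v1 header and rejects it from untrusted peers; the sample bytes, the `TRUSTED_LB` subnet and the function name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the line HAProxy (PROXY v1) writes ahead of the client's
# TLS bytes. Addresses are documentation/private values, not from the post.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 8443\r\n" + b"\x16\x03\x01\x02\x00"

TRUSTED_LB = [ipaddress.ip_network("10.0.0.0/24")]  # assumed HAProxy subnet


def parse_proxy_v1(data, peer_ip):
    """Return (client_ip, client_port, remaining_bytes) for a PROXY v1 stream.

    Raises ValueError if the TCP peer is not a trusted load balancer or the
    header is malformed, so a self-declared client address is never accepted.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_LB):
        raise ValueError("PROXY header from untrusted peer")
    # The v1 header is a single ASCII line of at most 107 bytes including CRLF.
    end = data.find(b"\r\n", 0, 107)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]  # for this listener stack: the TLS ClientHello
    if len(fields) >= 2 and fields[1] == "UNKNOWN":
        return None, None, rest  # no client address supplied
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport < 65536 and 0 <= dport < 65536):
        raise ValueError("port out of range")
    return str(src), sport, rest


if __name__ == "__main__":
    # The peer 10.0.0.9 stands in for the HAProxy instance.
    print(parse_proxy_v1(SAMPLE, "10.0.0.9"))
```

The address returned here corresponds to the value that appears in x-forwarded-for and x-envoy-external-address above.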

Written by Jbn1233

Very short and simple notes for CKA/SRE that may not work in your environment | jbn1233@gmail.com | Bangkok, Thailand |