After k8s deploys tomcat nginx and other services, it cannot obtain the user’s real IP clientip information when the user serves the service.

  docker, question

After k8s deploys tomcat nginx and other services, when users service, they cannot obtain the real IP clientip information of users, but only the virtual network segment address.

Keep client source IP
Due to the implementation of this function, the source IP seen in the destination container will not be the original source IP of the client. To enable retention of client IP, the following fields can be configured in the service specification (supported in GCE/Google Kubernetes engine environment):
● Service. Spec. ExternalTraffic Policy-Indicates whether the service wishes to route external traffic to nodes local or cluster-wide endpoints. There are two options available: Cluster (default) and Local. The “cluster” masks the client source IP and may cause a second hop to another node, but should have good overall load dispersion. “Local” retains the client source IP and avoids the second hop of LoadBalancer and NodePort type services, but may cause traffic imbalance to spread.
● Service.spec.healthcheckdeport-Specifies the health check node port (digital port number) of the service. If not specified, healthCheckNodePort is created by the service API backend with the assigned node port. If specified by the client, it will use the nodePort value specified by the user. It only works when the type is set to “LoadBalancer” and externalTrafficPolicy is set to “Local”.
This function can be activated by setting externalTrafficPolicy to “Local” in the service configuration file.

 "kind": "Service",
 "apiVersion": "v1",
 "metadata": {
 "name": "example-service"
 "spec": {
 "ports": [{
 "port": 8765,
 "targetPort": 9376
 "selector": {
 "app": "example"
 "type": "LoadBalancer",
 "externalTrafficPolicy": "Local"