This post will quickly show you how to enable ProxyProtocol for your Nginx Ingress Controller on AWS.

Assumptions

All you need to do is add some configuration properties, and a few annotations to your service. These can be toggled on/off even after a LoadBalancer has been created.

Warning

Some applications don't work well with ProxyProtocol. Be careful.

Steps

In values.yaml, set these:

controller:
  config: 
    use-forwarded-headers: "true"
    compute-full-forwarded-for: "true"
    # be wary of k8s bug affecting cert-manager with ProxyProtocol
    # https://github.com/jetstack/cert-manager/issues/466
    use-proxy-protocol: "true"
    
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"

These config properties are automatically injected into ConfigMap NAME_OF_CHART-nginx-ingress-controller in your controller's namespace.

After deploying these changes, downstream applications will see the original client source IPs.
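To make the setting concrete, here is a small parser for the line a ProxyProtocol-speaking load balancer prepends to each TCP connection. It is an added example, not code from the original post. It assumes the load balancer sends the text-based version 1 header, and the sample bytes and addresses are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

MAX_V1_HEADER = 107  # longest legal v1 line, CRLF included (per the PROXY protocol spec)

# Constructed sample: what the backend receives when ProxyProtocol is on.
SAMPLE = (b"PROXY TCP4 203.0.113.7 10.0.1.25 51234 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

class ProxyInfo(NamedTuple):
    family: str                 # "TCP4", "TCP6" or "UNKNOWN"
    src_ip: Optional[str]
    src_port: Optional[int]
    dst_ip: Optional[str]
    dst_port: Optional[int]

def parse_proxy_v1(data: bytes) -> Tuple[ProxyInfo, bytes]:
    """Split a connection's first bytes into (PROXY v1 info, application payload)."""
    if not data.startswith(b"PROXY "):
        # A listener that requires ProxyProtocol must reject this connection;
        # a listener that does not expect it would see the header as garbage.
        raise ValueError("no PROXY v1 header on this connection")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("PROXY v1 header not terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return ProxyInfo("UNKNOWN", None, None, None, None), payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    want = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match header")
    if not all(p.isdigit() for p in fields[4:6]):
        raise ValueError("non-numeric port")
    sport, dport = (int(p) for p in fields[4:6])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return ProxyInfo(fields[1], str(src), sport, str(dst), dport), payload

if __name__ == "__main__":
    info, rest = parse_proxy_v1(SAMPLE)
    print(info, rest[:14])
```

The `ValueError` on a connection without the header is the mismatch case: both the load balancer annotation and `use-proxy-protocol` have to be switched together, or traffic breaks.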

Further Reading